Microsoft

Windows For Warships Nearly Ready

Posted by Hemos
from the like-windows-for-workgroups-with-guns dept.
mattaw writes "The Register is carrying the sanest and balanced article on Windows deployment in UK warships that I have read to date in the public domain. As an ex-naval bod myself we have long considered that this is potentially a REAL problem. The main issues are the huge amount of unrelated code that is imported with the kernel and the need for incredibly fast response times."
  • by AKAImBatman (238306) * <akaimbatman@[ ]il.com ['gma' in gap]> on Monday February 26, 2007 @12:21PM (#18153888) Homepage Journal
    I'm sure we all remember how well things went for the U.S.S. Yorktown [wikipedia.org]; an Aegis Class missile destroyer that ended up dead in the water after a crew member entered a zero into a database. Obviously, this was caused by the fact that the Yorktown's control software was of a really bad design. Critical systems should have never been so tightly linked that a failure in one area would cause a cascading failure across the ship. Still, it raised a lot of questions about the wisdom of using consumer software for life and death situations.

    Two years after that, the Navy had still not learned their lesson. The flagship of the seventh fleet, the USS Blue Ridge, was deployed in 1999 with Windows-based Command and Control systems [linuxtoday.com]. The result? The ship was infected with the Melissa Macro Virus. (Source - Section 12.4 [packetstormsecurity.org])

    I'm sorry, but when you're taking men into combat, you want equipment that has been designed to do what needs to be done, not pretty features that let the GIs open their email attachments. There's a reason why the current military setup in the US is for the crew to have their own laptops for personal use. Using a consumer OS in a battle-critical system is nothing but a recipe for disaster. It's too bad that Her Majesty's Navy has failed to learn from the mistakes of others.
  • As the article shows, the previous software was terrible already.

    I think you're missing the point. These are systems that control nuclear weapons. Not to mention, preserve the lives of sailors in both combat and non-combat situations. They've kept the existing systems because they work, not because they impress anyone. The prudent solution is to upgrade these systems cautiously, with an eye toward a zero possibility for failure. Which not only excludes the use of Windows, but excludes the use of Linux, Mac OS X, FreeBSD, or just about anything else that the military hasn't either built themselves or gone over with a fine-tooth comb.

    Consider the case of NASA. The Space Shuttle still runs on IBM's AP-101 computer systems from the 1970's. The only upgrade was a move from TTL circuitry to a semiconductor design. (The AP-101S.) Astronauts still pull out the flight manual and punch in program codes to execute computer-controlled flight maneuvers. More sophisticated systems are available today, so why hasn't NASA upgraded the computers?

    The answer is "because it works". The shuttle actually has 5 AP-101 computers, four of which are redundantly in sync to catch failures, and one which runs software written by a completely different team. Should any of the computers start giving different answers, NASA will immediately take measures to determine what is wrong, why, and how they can fix or work around it in whatever time window is available to them. (Obviously, some situations are tight on available time, and may require that manual control be established.) Just try getting that sort of reliability out of a Windows-based flight computer!

    I know this is Slashdot, where nerds like their OSes. But there are times when the best solution for the job does not involve your favorite OS, hardware, or even your design philosophy. People's lives are on the line. It's best that the right choice be the one that provides the absolute best chance of preserving those lives rather than taking the chance (however infinitesimal) in exchange for some pretty buttons to click on.

    I'm not saying that Her Majesty's Navy shouldn't upgrade her systems to ones with better combat effectiveness, but I am saying that Windows-based systems are not it. Not the software, not the hardware, and not the overall design. It's the wrong solution to the problem. I can only pray that it doesn't get someone killed.
  • by malevolentjelly (1057140) on Monday February 26, 2007 @12:59PM (#18154488) Journal
    Did you just mention OSX? As a military option for an in-ship workstation? This isn't an iShip... I don't think that's possible unless they're using the new NuclearPod.

    I think an embedded (or even non-embedded) Windows solution would be fine for low-performance systems that aren't driven to the needle's edge hardware-wise. They're certainly more practical for secure development on the available frameworks.

    Whoever mentioned that these systems would be driving nuclear weapons is really looking at this the wrong way. The nuclear weapons console will not be in any way networked to the navigation system - unless they're insane. They're likely using high-performance embedded RTOS for that.
  • by wiredog (43288) on Monday February 26, 2007 @01:19PM (#18154834) Journal
    the article [theregister.co.uk]. Scroll down to Big step forward and read the bit "anyone who has spent time in an RN warship is entirely accustomed to seeing equipment on which he may depend for his life occasionally throw a double six for no good reason. Windows may be unreliable, but it's hard to imagine it being as failure-prone as the kit which is out there already."
  • by Kadin2048 (468275) <slashdot@kadin.xoxy@net> on Monday February 26, 2007 @01:41PM (#18155254) Homepage Journal
    There are a lot of ways that a compromised OS kernel could cause problems. It's never in complete isolation from the outside world.

    Specific vulnerabilities would depend on function, but if you're designing a backdoor, you can certainly find a way to trigger it that doesn't depend on a network connection. Particularly if you have access to the device drivers and stuff at the same time, you could figure out a way to trigger the backdoor through a device that's not normally assumed to be a security threat.

    It's just not the sort of thing you'd want to bet on; you're letting somebody else, presumably untrustworthy, write and compile the kernel code that runs on the bare metal. From that point onwards, you can't trust anything that the computer does. Unless you're keeping it inside a walled VM and inspecting every bit of data that it gets passed, you're vulnerable (and even then, you're just pitting yourself against the people trying to pass it some specially-crafted data to trigger the exploit).
  • by dprovine (140134) on Monday February 26, 2007 @02:29PM (#18156048)

    And for what it's worth, if I were the CIA in the U.S., you'd bet I'd be leaning on Microsoft to seriously backdoor every piece of software that it sold for military purposes abroad.

    You might do that, but that's not all you'd do. If I were the CIA, I'd be sure that at least a dozen or so CIA agents with impeccable references applied for jobs at Microsoft, and had back doors in the code and smuggled private stuff out for analysis and all kinds of similar work. I'd also do that if I were the FSB, or Mossad, or any other government intelligence agency. But as Microsoft is in the USA, I'd figure the CIA has an easier time of it.

    I'd also have agents at Sun, and Apple, and IBM, and Xerox. This isn't a Microsoft rant; this is just pointing out that "good spy agencies have good spies anywhere machines are made that process important information".

  • Two things (Score:3, Interesting)

    by Sycraft-fu (314770) on Monday February 26, 2007 @02:43PM (#18156296)
    1) MS source is not a black box. Many institutions have copies of it. No, it's not open to every person in the world but it isn't this amazing trade secret. Many major universities have it (ASU is one I know of) and I'm sure as part of this the British government has it as well, if they didn't already.

    2) All the training and whatnot still doesn't change the fact that you can only get parts from US suppliers for US hardware. Iran is in that situation with the F-14s the US gave them back in the day. They have very few that are operational as they've had to strip them for parts since they can't buy replacements.
  • Re:Oh Come On... (Score:3, Interesting)

    by jonbryce (703250) on Monday February 26, 2007 @03:54PM (#18157470) Homepage
    Northern Ireland perhaps?

    Britain tends to support the unionists who want NI to stay part of the UK. The US tends to support the republicans who want NI to become part of a united Ireland.
