RE: Linux on military aircraft

-----Original Message-----
From: JF Mezei [mailto:jfmezei.spamnot@xxxxxxxxxxxx]
Sent: August 3, 2006 2:03 PM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: Linux on military aircraft

"Main, Kerry" wrote:
Scenario #1 - you need to release all your code to the
Internet so that
everyone can see what your code looks like with the idea
that the few
senior resources out there that really understand cluster, SMP,
threading security can review it to see if there are any holes.

Finding weaknesses isn't the issue here. The real issue is having a
vendor who actively provides resolution of problems in a
timely manner.

Let me ask you this: over the last couple of years, how much
has the VMS
engineering headcount been reduced ? (include the TCPIP services group
in that since that is functionally part of the kernel as a
core feature
needed for a modern OS).

When you reduce headcount, you cannot expect to maintain the
same level
of responsiveness to problems when they arise.

What happens when there is only Hoff, Fred and Guy left to
maintain VMS ?

In an open source environment, a core set of developpers could then
accept/coordinate input from the community and still provide state of
the art OS with timely fixes for problems. But in a closed source
model, those remaining 3 would not be able to cope with the
workload and
all we'd hear is silence on many issues because none of them would be
prioritised for those 3 extremely overworked resources.

Like I said - approaches to security can be a religious discussion that
is on par with what is the best OS platform.

Lets agree to disagree - neither of us will convince the other that the
other way is better.

Scenario #2 - like the big bank concept, Customers trust
their preferred
vendors to address and maintain high security with their products.

Yep. And customers want to head from their vendor when they
hear a CERT
advisory against BIND 8 and they know they are running BIND 8 on their
VMS hosts, yet, years later, still not a word on whether a
affect the VMS version or not.

That was you alone as far as I know. Have any Customers ever formally
asked Engineering for this info via formal channels (and c.o.v. is
definitely not a formal channel)?

The OpenVMS TCPIP Engineering group reviews security issues and
addresses them ASAP if they impact OpenVMS.

Secondly, and I have news for you, Banks now buy
shrinkwrapped software,
run way too much stuff on Windows, Linux etc. Quality control is way
down. Just look at the quality of HTML on their customer facing web
sites and the number of errors on them. Inspires a lot fo confidence
about their backroom code, doesn't it ?

I agree that IT standards have slipped significantly. I would also argue
that this slippage is now one of the reasons why many so many Customers
are looking at outsourcing. Their BU's are having way to many IT
problems internally and think (rightfully or wrongly) someone *must* be
able to do it better.

The internal IT groups could correctly state that part of their problems
stem from the BU's lack of funding for IT, but that argument is usually
lost in the wind somewhere ...

Consider the Royal Bank of Canada a few years ago who had a "glitch"
that lost money in customer accounts. Bank standards have
gone way down
in the last decade as banks adoppted a "we must adopt the newest .com
technology before our competitor" policies.

Banks had 0 experience in modern technology, having been sheltered by
IBM into the MVS/SNA world for so many decades. When they
awoke to .COM,
they panicked and hired anyone and everyone who claimed to be
in unix and TCPIP and stuff such as ethernet which had not had a place
in banks in the past. And their quality controls for those new
technology was only as good as thoer newbie people they hired who had
great CVs but no experience. (or recycled MVS experts who had no clue
on what TCPIP/ethernet/HTML was).

Many banks are in a huge panic right now because of regulatory
compliance issues like SOX and Basel II. One of the benefits of these
regulatory requirements is that it is forcing a return to best practices
from an IT perspective.


Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.