Umm, isn't that due for EoL in only a year or two...
The Royal Navy and BAE Systems plc were pleased as punch yesterday to announce that their implementation of Windows for Submarines™ is complete ahead of schedule. Windows boxes on Ethernet LANs are now in control of the UK's nuclear-propelled and nuclear-armed warship fleet. The programme is called Submarine Command System …
I thought the main cause of the USS Vincennes Airbus disaster was having an overly-aggressive fleshie in charge, not a possibly insecure or ineffective computerised fire control system? As I recall, the Aegis fire control system did its job right to spec., it was the fleshies reading the situation that got it wrong, mainly due to poor processes and an aggressive mindset probably partially brought about by the attack on USS Stark the year before, where 37 US sailors died becasue they didn't react when attacked by an Iraqi Mirage.
In the meantime, I'm staggered by ANYTHING being installed by the MoD in only eighteen days! And BAe saving money with an off-the-shelf purchase - what a scary precedent! Next you'll be telling me it didn't require 200+ civil servants to support the purchase.....
What was wrong with Vista then, eh? Surely its inability to copy files properly didn't affect the decision.
Why not Windows Server 2008?
They picked a buggy, slow, insecure, old and soon to be dropped version of Windows. How on earth did that happen? I thought the military were supposed to be good and to get the best of everything.
StopMissileDestroyingEarth.exe has encountered an invalid page fault and will be shut down.
If you were working on keeping the missiles locked down and not launched then your hope has been lost.
Please save your submarine to your planet in a safe location to continue living.
Do you wish to send Microsoft an error report? [YES] [NO]
Mines the one with the blue screen of death screenshot on it.
"The use of commercial-off-the-shelf technology is expected to save the taxpayer as much as £22m in support costs over the next ten years - a bit more than £2m a year, or about a thousandth off Trident's running costs."
Or... scrap Trident and its renewal programme and save £15-20bn.
All those laughing at the notion of a piece of off-the-shelf malware disabling a submarine may wish to reconsider their positions.
Let's just hope that a group of security experts were allowed to code-review the version of Windows being used. One assumes that the MoD also get a different license agreement than the rest of us, or choose to ignore the part about mission-critical systems.
If they can do it with Windows they can do it with Linux or gOS or whatever...? But why would they want to? is a better question? Does this mean that we'll have a Seaborne BOFH episode soon?
There may be a capital cost saving, there may be an operational cost saving but I'd be very interested in knowing that the risk assessment for the implementation took in a few more areas and looked at the critical performace parameters affected by this dinky idea.
But, hey, I'm only a taxpayer and crown subject - why should my interests matter when its "toys for the (armchair) boys".
I know that at least *some* of the systems on the T45 are Windows 2000 based and have proved to be stable platforms in (very) extensive testing. I have no experience of the XP systems, so can't comment there.
Anon, because I have no wish to be visited by the Black Helicopters!!!
Racist twat, if you were better informed or educated you would know that a lot of the current navy spending is in the south of England, in Appledore, in north Devon, Portsmouth, Barrow-in-Furness. Never mind the many other MoD contracts given out to English based companies. Ffs are you not happy enough that they have destroyed pretty much every historic Scottish Army regiment. TBH I'm Surprised there is anything still made in Scotland after the Tories, who were not voted for in Scotland, demolished pretty much all heavy industry in fact try reading more of Lewis Pages articles and you'll see that although he tends to be anti scots he does admit this:
"the Conservatives cynically shifted Trident submarine refit work south at huge cost, abandoning a partly-completed drydock" This was from Gordon Browns constituancy.
It looks like you are trying to launch a nuke. Are you sure?
You do not have to correct permissions to launch this application. Please log in as the Administrator
It looks like you are trying to launch a nuke. Are you sure?
trident_nuke.exe has encountered a problem and needs to close. Sorry for any inconvenience. Do you want to send an error report to Microsoft?
Back in my day (1989), the Ferranti FM1600B was the backbone of the ship's 'information superhighway' and the OS was loaded from punched paper the point being that paper tape was immune to EMP. I presume these windows boxes will have magnetic HDD's....interesting.
Give me the 1600B any day. Setting switches on the main console so that the bit display counted in binary was much more fun than playing minesweeper :)
I wonder who will support this?
I worked for a company who provided support to the Navy at one of their training facilities. They were just about all Windows desktops apart from a few thin clients which were running Windows Terminal Services.
I remember on one occasion that one of the Terminal Servers in the cluster fell over and started to take down all 10 machines in the cluster.
All I can say is GOD HELP US ALL!
Anon as they had blokes with rather big guns at that place.
"Windows for Wetgroups™ is of little importance. Let's face it, new Navy bathtoys are only there to keep the Scots in jobs and voting Labour. Life in the Faslane eh?"
And it's so successful we now have an SNP government. Of those that care about it, no-one wants Trident in Scotland and it's one of the millstones round Scottish Labour's necks.
For the consoles on today's industrial control systems, Windows isn't a bad choice. This obviously isn't an out-of-the-box install, with all manner of DLL hell and yucky services running. This is a Windows kernel with some proper device drivers for the specific hardware, likely to be pared back to the minimum install, with few if any network services running. Think of it as a display appliance based on a Windows kernel.
This is as far from the bloated free-for-all of a consumer installation as a Linux kernel based appliance is from Intrepid Ibex. I'm no Microsoft fan, but do try to judge the system as deployed, not your own pre-conceptions of transplanting a c**pware infested peesee into the environment.
Is there cyrypto/authentication on the internal LAN? Could I just plug a laptot in and even bridge it to the totties WiFi? Just because a network is isolated from the rest of the world does not mean its secure, so you have to be there to hack it, or point guns/money at someone who will do the job for you.
... having no desire to be visited by Black Helicopters, I shall remain anonymous.
Windows for Warships, or whatever it's official title, doesn't necessarily run everything. Consoles and some peripheral devices may be hosted via a Windows box, which, incidentally, will have a carefully customised build installed, but some core functions may, and probably do, remain on specialised hardware. As to reliability, you'd be surprised how reliable a PC can be if it's properly housed and hardened, and built from good components in the first place. I could tell you stories about PCs surviving some fairly severe events, but ..... then there's those darn Black Helicopters again.
And it's not like they sit you at a screen with regular keyboard and mouse - the user interface is specially built, including customised buttons (for example, on a separate touch-screen).
Of course, they'd have done better if they'd chosen Linux, but if they were smart enough to do that, they wouldn't be working in Defence.
Oh, regarding the "man in the loop" missile release argument .... seeing as I work very closely with those systems ......... generally speaking, Lewis is right. For example, this can happen now when ....... oh, darn, Black Helicopters again!
Here in the Sovietski Soyuz ve use your open sourceski softvare for ze veapons. Ve can see vot ve're doing and ze guys vot write ze vindows wiruses all vork for us anyvay. Ve vouldn't use zat stuff if ve vas you. Bottoms up boobies!
Ve've got girls like Paris too; have a quick Pinsk at Ludmila Komsomolskaya Leningradskaya Petrovsky Kalanchevskaya here - by the time you say zdrastvuitye she's half way to Norwich already.
" I thought the main cause of the USS Vincennes Airbus disaster was having an overly-aggressive fleshie in charge, not a possibly insecure or ineffective computerised fire control system? "
I think his point was that the Vincennes shot because the Airbus didn't respond to the warnings made on the radio, and that a computer failure could result in a similar loss of comms systems, meaning no response to the warnings....
The USS Vincennes episode was indeed as Matt describes. One of the reasons *why* the T45 is the way it is.
@AC (Linux? 12:59) who would "be very interested in knowing that the risk assessment for the implementation took in a few more areas and looked at the critical performace parameters affected by this dinky idea" - yes, there is extensive risk analysis in the design / configuration of COTS products for military applications.
@Cameron Colley: "Let's just hope that a group of security experts were allowed to code-review the version of Windows being used. One assumes that the MoD also get a different license agreement ". Sadly, 'no' and 'no'. Windoze is as grey a lump of sludge to MoD as it is to any other end user; the assurance derives mostly from the extensive testing alluded to by the AC worried about helicopters.
> Let's just hope that a group of security experts were allowed to code-review the version of Windows being used. One assumes that the MoD also get a different license agreement than the rest of us, or choose to ignore the part about mission-critical systems.
Heard the one about the Chinook codes? Hope and assume what you like, but do you suppose the Chinook codes are worth more or less than Window$? Right. And with HMG's record on data security? No chance.
Are you kidding? You fly at a warship that's been shot at (or had buddies shot at) and you don't expect a smacking?
From the transcript of the situation, I would have shot down that Airbus myself. Better them blown up than me being blown up.
"Fire when ready!" icon for obvious reasons!
@AC and others: Are _you_ serious? You've read the (US released) transcript and would have pressed the button yourself? This here is the problem. Similar to the linked BBC article, you've taken what the people who shot down the airliner said, and not done any research. Would you take Osama bin Laden's word on whether those in the Twin Towers deserved what they got?
There's more to it than the transcript. Four examples: 1. The ship attempted to contact the aircraft on military frequencies; correct (civilian) frequencies were not tried. 2. The ship's crew, and captain, had up to date civilian air schedules and the plane was flying bang on time, to schedule. 3. The aircraft had its (civilian) transponder on. 4. The ship was sitting directly under the flight path for the main airport in Tehran, challenging every aircraft entering or leaving the airport, and had repeatedly been asked to move by Iran for being over-aggressive - the Iranians were correctly worried that it was inviting disaster.
The commander was trigger happy, and shot down a correctly operated civilian aircraft containing 300 people. And nothing was done about it. There was no accident, but rather a complete disregard for procedures, human life and foreign sovereign powers.
to the reg: To imply that it was in any way connected to the ship's computer systems would be akin to blaming the first world war on the car Franz Ferdinand was in, as it didn't protect him from the bullet.
As Dunstan and AC @ 14.00 pointed out, this is NOT going to be your standard box. It'll more than likely be the embedded version, which has been used very seccussfully in several commercial environments. Avolites use it in their Diamond 4 consoles, which are used to control the lights at very high end, high profile concerts - imagine the embarassment if that crashed! Not the same disaster potential as a submarine system crashing, but heads would still roll, and the kit wouldn't get used. The fact that it *is* used, very widely, should be a pretty good indication that the Embedded versions, which speficically designed hardware and drivers, is a stable and versitile platform. It's the same reason that abombination OsX is stable - specifically designed hardware and drivers that are all built around each other.
They'll install any of the following, if only for those long cold nights on patrol...
Command & Conquer (Red Alert, of course, gotta keep those Commies at bay...)
Harpoon (for the oldies out there, but it might struggle on XP....)
Silent Hunter (pretty obvious, for the Subs out there - could look at 688 Attack Sub as well....)
Or maybe give the crew access to WoW.....
Is it not the accessibility of windows that a makes it accessible to the average Joe but also vulnerable...
I just cant see the sense in installing this on military hardware, and don’t tell me its the cost savings, if the gov wants to save money (and I work for the Australian gov) they should be looking at the excessive management levels (we have a ration of 6 staff to one manager and that does not include people classed as team leader's or supervisors) or even better cut the expense accounts of the higher ups, man could I tell you some stories about wasted revenue....
But I digress. the military hardware should have limited or no accessibility, it SHOULD require high level of skills (and thus high levels of training) to use, do you want someone in charge of weapons/critical systems because they were available and have the ability to click a mouse or because they were capable and not only know how to use their equipment but also know exactly how it works.
Anyway I will see you all in Armageddon....
Think about it, Windows has a nasty habit of simply "Not detecting" any non-Windows hardware/software.
So how long before this conversation during maritime combat?
"How many enemy ships out there, sailor?"
"Windows Sonar shows non sir!"
"What? But I see at least four of the devils in the periscope!"
"The bastards must not be using Windows compatible craft sir!"
"Well, can we at least get a weapons lock on them?"
"No Sir! All I get is `No compatible enemy found, (A)bort (R)etry, (I)gnore'"
"S'truth, We're Buggered!"
And to highlight a few more blunders made by the crew:
A) The radar operator left the FoF cursor locked on the fighter plane taking off *behind* the airbus. Thus the radar kept on reporting on the *fighter plane* while the operator kept on trying to contact the Airbus. PEBCAK.
B) The operator kept on trying to contact the "fighter aircraft" coming towards them, why the frack would the airbus pilots respond to such a challenge?
C) The captain had placed his ship *outside the zone of engagement*. Or, to put it in really simple terms: according to his orders, he wasn't supposed to be there.
And, BTW, this is from a US report on the incident. So get off your jingoistic high horse: the crew fracked up, plain and simple. Mistakes happen, and this was a tragic one. But don't try to shift the blame from where it lies.
Military hardware *does* have "limited or no accessibility" - it is locked down by security measures both physical and electronic. It *does* require high levels of skill (and thus high levels of training) to use. We are talking about an operating system here FFS not the applications that run on the OS. I can assure you that MurderDeathKill.exe and its compatriots *will* require some fairly intensive training to run. BtW, you may be surprised to know quite how much Australian military kit runs on Windoze.
@Lewis - I do not know the Type 45 Combat System architecture but I'd be *very* surprised if it doesn't run on its own dedicated CS LAN which is isolated from the general admin LAN and other LANs with limited (or no) external access points. The only gateways in or out of the CS LAN will (I am educatedly guessing) be dedicated LINK x interfaces to allow mesh nets of some description, thus it will not be "connected to other networks off the ship as a matter of routine". And as for "and physical access to a destroyer is hugely easier than to a sub as well" - yes it is but one would hope the areas where the CS resides would be locked down whilst in port and access to sensitive areas severely limited.
Errr... prime minister, sorry to wake you...
We have a little problem with the Americans...
You know the joint naval exercises in the Atlantic?
Well... Our air defence destroyers accidentally took some Americans...
Good God! How many?
A couple of SAC bombers off the North West coast of the US...
??!!!!??? North West Coast? How?
Our boffins say it had something to do with a memory leak causing eddies in the time-space continuum... Unfortunately that's not all... They were carrying nukes... They went off...
Good lord. Casualties?
Some place called Redmond is now flat, radioactive glass...
This is going to be a mistake. There was a classic example of Windows being put into a warship and then being demostrated infront of top brass, the result was the warship lost propulsion and was just dead in the water.
I wouldn't go anywhere Windows for such applications.
What worries me is why someone would design in a Windows operating system into such an operating environment as a submarine when there are other operating systems which are a) more reliable, b) cheaper.
Everyone - or anyone in IT does - that Unix/Linux based platforms are inherently more stable, reliable. Why even take the risk of using Windows in this kind of environment?
I fail to see there's any rational argument for using Windows.
This is far and away the most frightening piece of news I have seen this millennium. OTOH there is the consideration that, as our glorious navy now has far more admirals than ships (the classic acid test of viability) and also lacks fuel to put to sea, this equipment will probably sit at the dockside until it rots. (The sooner the better).
I shall no doubt sleep much sounder in my bed happy in the knowledge that the front line of western civilisation as we know it is protected under the watchful guidance of Windows/Xp. No worries for me then that in my wildest nightmares the big red button is managed by IE7 and potentially hackable by every wannabe terrorist with a desire to loose off a trident in the direction of London. Just joking !. I know that nothing like this stands the remotest possibility of happening with Windoze at the helm. Just can't wait until they release Windoze for Nucular Missiles (TM).
Windows in a submarine; I LOVE it. I hope they have screen(door) savers.
More seriously, re shipkillers boring in without defense, one need look no further than Sheffield, burning with an Argentine missile in her, radar shut down because it interfered with radio comms. Short Wave listeners who have home Ethernet suffer from interference too; will the RN encounter it?
There was some time ago news the US Navy was soliciting PLT (BPL) for shipboard use. Given that system's known problems, let us hope the RN isn't so enamored of COTS as to fall for it!
I was unaware that the Australian military used Windows for combat systems, if this is the case I am a little concerned.
Just to make myself clear I have no issue with a stores clerk or motor pool officer using an access database (or what ever DB) running on XP.
But we are talking about Combat systems, and it’s all fine and well to say that the applications require a high level of skill and training but if the OS is stuffed the KillDeath.exe application is useless.
And I am not a Windows fanboy nor a Linux fanboy they have there place in the IT world and as far as I am concerned I just don’t see windows place being the OS of the computer in a big metal tube with a large number of lives at stake at 500ft under the water .
There WILL be problems and with all respect if you dont think it will happen you are only kidding yourself.....
Just to clarify, for the curious:
The first version of SMCS, built for the Vanguard boats, used Ada on distributed processors. Hence the "OS" was the chosen Ada run-time, together with the special message-passing middleware which strung it all together. No COTS there.
The next significant version was modified for the Swiftsure/Trafalgar attack boats. The consoles (i.e. the client systems) were converted to COTS UNIX. For the Astute class design, the servers were also converted to COTS UNIX. So by 2000, the entire SMCS design had been converted to use COTS hardware and OS foundations, albeit not PC architecture.
In 2002, some bright spark decided the future would only contain cheap PC hardware. Management thought that "PC"="Windows". Wonder where they got that idea? So SMCS-NG was proposed as Next Generation SMCS to be rebuilt on a Windows NT OS foundation.
But another bright spark (okay, me) pointed out that the logical and low-risk evolution was to convert the COTS UNIX version of SMCS to use open-source-UNIX, and still reap the benefits of commodity PC hardware. Personally I favoured BSD over Linux, but I wasn't that bothered, so long as it wasn't Windows. So I proposed SMCS-OSS instead (Open-Source-Solution?), explaining why this would be cheap, simple, safe and swift to do. Simpler code migration, hardware-independence hence retro-fittable, zero licence costs (CALs wot CALs?), zero licence dependences, heaps of dev tools, supplier-independence, foreign-supplier-independence, low on vulnerabilities, heaps of available programming graduates schooled on Linux, and so on. I'm sure you can fill in the blanks.
I knew one simple fact: "PC" not= "Windows". Two years tops, I reckoned, to make SMCS-OSS. All over by Christmas 2004; after that, we'd own the code forever.
However, BAE and the MoD rejected the suggestion of SMCS-OSS and chose instead to wed themselves for the next thirty years to the notion of Windows-for-Warships. SMCS-OSS got tossed. As did I, of course.
As ye sow, so shall ye reap.
Loved the comment from Kevin Bailey but perhaps it should read like this...
They picked a buggy, slow, insecure, old and soon to be dropped version of Windows. How on earth did that happ...oh wait... they're ALL buggy, and insecure out of the box, eventually becoming slow, old and soon to be dropped by the vendor.
This post has been deleted by its author
I've seen equal amounts of both, so the idea of windows crashing, doesn't bother me any more or less than linux dying.
Also, the US navy has been using windows in various capacities on their warships for years. I can't think of any major windows related disasters at sea off hand.
The argument for picking an old version of Windows is the argument why the Space shuttle uses very old computer and electronics technology and not the latest uptodate stuff: it's been shown to be reliable, that is, it's been in service for a number of years to demonstrate that.
We all know that the latest and best is always buggy and takes a few versions to iron them out.
I'd like to see the documents surrounding the justification of the decision to go with Windows, wonder if I could aquire that under the Freedom of Information Act?
The reason to choose Windows in this environment seems really simple to me. If they had chosen Linux they would have had to build their own distro from scratch. Grab the Linux kernel and modify it heavily removing every driver possible for the kernel to ensure it works perfectly for the submarines hardware.
They would then have to (under GPL) release the kernel modifications for Johnny Terrorist to have a gander at, as well as Johnny Foriegner to have a look at and install on their submarines.
Simply put, with Windows they don't have to release any modifications to the world wide community, they can strip it down to the basic minimum required for the task at hand, and they can do it quickly, rather than having to re-programme the entire kernel and develop their own OS before even getting to the installation of BlowUpTheWorld.sh version 0.0.1.
Biting the hand that feeds IT © 1998–2022