Ideally, for improving security, they should invest in supporting open source software, hardware and standards. The Open Design Principle is a much better long-term strategy than Security by Obscurity. But for developers in China, there are a lot of obstacles with contributing to open source communities worldwide, so I can see that probably not going to happen.
End of the day, policymakers are more educated with economics than cybersecurity and computer science. They probably still gonna use Microsoft products.
>They probably still gonna use Microsoft products.
Even if they did get rid of most MS products. Some senior guy probably fires up Windows and installs a dozen search bars.
I knew a guy who served in the gulf, he was pretty high ranking, handled some security stuff. Got a request from someone important to basically break all the rules because important guy didn't want to walk too far from his CHU to make a call home.... but he was high enough ranking so they did it. It wasn't even a far walk.
If you do it right, you get all the core components without incompatibilities.
But you will have to do more by hand and yes, then there is also a chance that you mess up those patches and create new vulnerabilities. But if you have a big budget ... like if you are a big military and security really matters, then it is probably worth it.
If they don't use Linux, I wonder how long it will take them to have something productive for the average worker.
I mean, Android took a decade to be usable, was built by one of the most talented and rich companies on earth. Yet it is still limited in what it allows you to do: no office suite, limited driver support, weak multi-monitor, can use few FS formats, no RAID, etc. And that is despite Android actually wrapping a Linux Kernel.
Not to mention they'll need to get so many basic tools ported.
No matter the high competence of the Chinese tech scene, their ability to brutally push an agenda and the number they can throw at it, I can't imagine a scenario where those resources wouldn't be better spent validating and customizing an existing distro.
However, I can imagine many reasons they would choose the harder road. And as a geek, I find it sane to remind myself that technical efficiency is not the goal of all entities.
Limited driver support? Android devices are typically highly integrated: they use custom SoC's (that you've never heard of) with drivers developed specifically for those SoC's and their blocks.
(Oh, your amazingly rare phone has a PCI slot, and your graphics card is not supported, bummer!)
My friend's dual Pentium Pro system is capped out at 2GB of RAM. Many older machines got maxed out RAM-wise if you bothered to upgrade them at all when previous gen RAM goes super cheap.
If I can teach my aging mother (57) to use standard Ubuntu 18.04 as her first computer ever then anyone can learn Linux. Everything she needs is clearly presented in the bar of application icons and the ancient scanner/printer someone gave her works perfectly. Bonus points for when I go visit and there is a handful of .exe's hacked Facebook friends convinced her to download sitting uselessly in the download folder.
"The average worker" doesn't just want to check their mail and watch videos. They want to use MS OFFICE suite, never see a terminal, backup/restore with ease, ask someone who isn't an IT pro how to fix something, also get support from their IT department, use the vast amount of legacy/proprietary enterprise software that their workflow is rooted around.
Not to pick on you, but why, when the question of Linux as a Windows substitute comes up, do people always have to offer anecdotes about their mother? I'm no SJW or radical feminist, but honestly, let's move on from that.
My comment is about "the average worker", not friends and family / personal use. For which, in my highly uber technical group of friends and family, (where mothers are C++ programmers), maybe 1 out of 20 (generously) find a Linux desktop usable.
Only in this forum, where people recognize the horrid low contrast, gratuitous whitespace, excessive bloat of the latest javascript "framework", know the difference between modeless and modal dialogs, understand why the gmail UI keeps moving in the wrong direction -- only in this forum, where UX is understood as a real "science" that needs attention, will people actually also claim that the Linux desktop is usable. It boggles the mind.
Ubuntu with Wine nowadays works with 90%+ of legacy apps. And with Valve putting its muscle behind it many older games are running well as well now. So I don't think the Chinese government would have much of a problem moving off Windows.
I'm surprised that "security by obscurity" is touted as a way to reduce attacks. This is almost guaranteed to lead to less diligence in the code — and more risks.
Obscurity isn't supposed to replace security, it just aids it. Note that the US government heavily practices this, with 'Suite A' cryptography. Most other governments have similar practices.
I wonder how much that has to do with human nature thinking "well this is obscure" so then they don't secure it as if it was 'customer facing' or less 'obscure'.... and thus leave it more open than ever.
I knew a place that assumed such things, crazy insecure. They also played the "well this shouldn't be exposed to the internet" game as well.
> In recent years, security through obscurity has gained support as a methodology in cybersecurity through Moving Target Defense and cyber deception.[9] NIST's cyber resiliency framework, 800-160 Volume 2, recommends the usage of security through obscurity as a complementary part of a resilient and secure computing environment.
I strongly suspect that this new OS will be coming from Huawei.
It makes sense that a Chinese company develops an OS for their own government. We are in the spyware era, after all.
I wouldn't be surprised to hear, years later, that Huawei's "backup" effort was never to replace Android on consumer devices but to fork it for Chinese government use. It's too convenient an excuse to have so much work done on so many doomsday scenarios. Huawei, I think, was already tasked for the new OS(es) by China.
Similarly, their efforts to replace Windows[0] were to provide their government with a "homegrown" OS solution. Not unlike Sailfish in Russia[1].
As much as I like the idea of a new OS competing on the world stage, preferably based on Open Source... it's simply not going to happen coming from either Huawei or China. Control of data is the overriding motivator among nearly every tech firm and government. When these transitions take place (gov and Huawei consumer), I might as well be running RedStar OS or a US-based commercial alternative.
Huawei is not developing a desktop OS. It has been developing a mobile/IoT OS. And I don't think anyone would develop an OS from scratch given the obvious option Linux.
I would not be surprised if it is an offshoot of FreeBSD. That way they could get away from the GPL license altogether and won't violate any licensing agreements.
If they based it off Linux, unless it was available to download online, it would probably infringe on the GPL somewhere. Assuming they care about those things.
I could be wrong, but I thought the GPL basically said "anyone who has access to the binary must have access to the source code". This is why you're allowed to write a webserver with GPL libraries without having to worry about releasing the code to the users (unless it's AGPL), since the users don't have access to the binary, just the stuff that the binary is producing.
If that were the case, I think they'd be in the clear legally to use Linux as long as they offered to provide the source code to anyone in the military who had access to the binary, which wouldn't be the general public.
That said, just to avoid the headache, I'd probably choose FreeBSD as well if I were in charge of the Chinese military.
Because each of their copies of Windows is properly licensed now, and they wouldn't want to blemish their saintly compliance record when they switch to something else.
I read somewhere that the Soviet Union fell because it spent all its funds on projects like this. I wonder if this is the beginning of the end or if they will be able to pull this off?
It might be a good sales pitch for “US-hardened equipment”.
Yes, but the Soviets were running their entire economy like that. China and the US do stupid things like that with their military spending all the time but they're taking in resources from healthy civilian economies rather than sclerotic ones.
I'll just point out that "replace foreign vendors with domestic for security reasons" is exactly what the US is trying to do to Huawei. I think the US and China are equally capable of succeeding at this kind of project.
I'd say the Chinese are more capable of this than the US, if for no other reason than that's the place where almost all hardware and hardware components are already made.
I am surprised that some comments state that it "has to be Linux". Since they can't magically reduce the time it would take to develop something that complex nowhere near their time constraints, it obviously has to start with something that already exists. But Linux is not the only open source OS out there, folks. If I were charged with this task, I'd start with OpenBSD, given its focus on security. The fact that most of base is BSD licensed also helps because no changes would be legally required to be open-sourced. It also can run modern web browsers and LibreOffice, which is a significant part of what goes for "desktop" computing these days.
Why would a Chinese Linux derivative need be open source? It's not like you're going to go into China and force the government to comply with your license.
It would be legally required to be opensource, whereas with BSD it wouldn't. That's all I argued. Whether some country will try to enforce it via whatever means is another question altogether.