Microsoft Hyper-V floats Chinese military Linux
Red cloud rising
Microsoft's virtualisation stack is being updated to run a flavour of Linux built for China's national defence and other government systems.
The world's largest software maker has signed a development and marketing agreement with China Standard Software Co (CS2C) to target China's cloud market.
The focus is to make the NeoKylin Operating System run as a first-class guest on Microsoft's Hyper-V and Windows Server 2008 R2, and to make the distro easier to manage through Microsoft's comprehensive Systems Center suite.
Microsoft and CS2C are also co-sponsoring a technology lab in Beijing that will certify the NeoKylin OS as a guest on Hyper-V and Windows Server 2008 R2.
The labs will also create management packs for Microsoft's Systems Center for NeoKylin.
The NeoKylin Operating System is reported to have been built by CS2C with China's National University of Defense Technology, at least initially for use on PCs.
Development of the distro was meant to "pave the way for a stronger domestic operating system environment for China", a CS2C spokesperson said earlier this year.
The National University - builder of the world's second-fastest supercomputer, the Tianhe-1A - is run by China's Ministry of National Defence and Ministry of Education.
Support for NeoKylin on the Hyper-V stack is Microsoft's latest effort to make Linux feel at home on Windows. ®
Windows, Linux and UNIX guy
It seems unlikely that MSFT would give their source code to anyone in China, although perhaps the Chinese could get the source through other means (hint, APT).
But this seems like an excellent outcome for the US: crappy broken software running on Chinese military computers must make it easier for the US to find out what the PLA are up to.
@AC #4: I've never heard of a serious Linux and UNIX guy who considered Windows comparable to either.
I agree with your sentiments but not necessarily your conclusion...
1) the code is closed (enough already not use it right here), the development and maintenance can't be controlled by the customer;
Are customers savvy enough to understand the code to "control" it...? Also, with a closed OS, the addition of malcode is significantly less likely than open source where *anyone* can edit it. Remember the unconfirmed NSA claim a few years back they put backdoors into Linux...?
2) MS Windows' the OS because of its architecture peculiarities is not secure due to its lack of permissions and setuid/setgid model, and existence of very vulnerable protocols like RPC;
Hm. There are plenty of hacks that leverage "S" or "G" to elevate privs. Also Windows does have a full permissions model that has more functionality and granularity than anything I have seen except VMS. Regarding RPC, the protocol is not insecure. All the bugs in DCERPC are related to implementation or design faults of a particular interface. Implementation bugs are also not related to MS code. What about the rash of OpenSSH vulns that came out 5-6 years ago...? In reality, both Linux and MS offerings are likely to have implementation bugs. That is why testing is so important.
3) as a consequence of 2) any MS Windows Server host requires a 24/7 running resources-hungry antivirus software;
A hypervisor shouldn't need to run an AV product. No-one should be using the hypervisor itself. All it does is schedule access to resources for guest VMs.
4) MS Windows products are not as easily configurable as their Linux/BSD-based counterparts...
YMMV. GPolicy is very powerful especially with AD but the concept *is* difficult to catch. However once you have it, it is arguably easier than the messed up config files on a Linux / BSD box...
I have not seen the MS System Centre solution but the rumour I heard surprised me about what it could do.
For my opinion, I think HyperV is worthy of consideration. Your arguments present one point of view from a pro open source standpoint.
I'm a security guy and MS is no longer the automatic bad guy.
I am not an MS or Linux fanatic. I just use them for my job and this means living in the real world where often the reason for making a particular choice is financial or political.
With all due respect....
1) this still means "closed", if you buy an MS product, do you have to hire a whole team of highly qualified IT eng. capable of dissecting gigabytes of code? Are you allowed to tweak the code to your needs? As a Linux or whatever guy you know how modular the non-windows software is. This helps tremendously in isolating bugs and problems. How much modularity is there in Windows? Can one simply run a (headless) Windows server without the .. windows, i.e., gui libs ...sorry, dlls?
It's not that I do not understand the Windows security model, no one understands it, hence the multi-million antivirus industry. Even Microsoft does not understand it, since their holding on to RPC (stuxnet & conficker, to name a few), AutoRun/AutoPlay default features, "file extension" vs. "file permissions" model. Is there such a thing or an analog of /etc/group and /etc/passw ? Instances when a system "gets infected" by an accidental link clicking (a script is downloaded and run, as a result system files are being changed) are hard to imagine on my Debian or FreeBSD. Just got rid of such a virus on a friend's Vista.
2) I do not and the majority do not run antivirus software on Linux/BSD machines. Most exceptions are made when such a machine is a server with Windows client machines, e.g., googlemail
3) Compare configuration (a very nice) Far with that of mc file managers.
Again these are just very few reasons, I would not run MS Windows as a host, as a matter of fact M$ VT modules are not compiled into all of the kernels I use, so I am pretty much immune to M$ bugs there :)