Big telecom companies want more flexible options for their massive networks and are looking to bare-bones computing equipment controlled by open-source software for answers. Red Hat, which already made an agreement with Cisco earlier this year, will be working with Huawei to make Open Stack more relevant to demanding network situations, including telecommunications.
According to the WSJ article:
Telecom companies are among the world’s biggest spenders on technology hardware, software and services. AT&T, for example, recently said it plans $18 billion in capital spending next year on facilities like its telecom network and computing equipment — nearly double Google GOOGL +1.04%’s capital spending this year. Such flush budgets mean that telcos’ technology choices have major ramifications for IT vendors.
(Score: 0, Funny) by Anonymous Coward on Saturday December 06 2014, @02:50AM
If they use SystemD in the product's os then they won't even be able to touch Cisco.
(Score: 2, Funny) by kaszz on Saturday December 06 2014, @03:15AM
RedHat has with their systemd already proven they are around to disrupt the free open source community. So open source my ass. Combined with Huawei which is under the control of three letter agency in China.
(Score: 1) by middlemen on Saturday December 06 2014, @09:51PM
under the control of three letter agency in China.
In China, the agency's name can be fully spelt in 3 letters unlike in English ! Chinese is one of the best languages from a compression standpoint.
(Score: 0) by Anonymous Coward on Saturday December 06 2014, @03:59AM
when they're not sitting on the beach drinking sundowners and blessing the universe for limited spectrum and not investing their "hard earned" money in new for-rent appartment blocks, I guess they do think about computers and networks sometimes... fraking wireless.
(Score: 2, Insightful) by anubi on Saturday December 06 2014, @07:21AM
I sure would like to see a completely new computer architecture take place.
With the kernel OS in ROM, where it cannot be written to unless a physical jumper is in place.
It would be an expanded BIOS which already knows how to handle a keyboard, display ( including windowing objects ), disk drive, USB, and TCP/IP stack.
Just by itself, it would have enough horsepower to run a basic web browser.
When it boots up on power-up, it would know to enter a "safe mode", much like Windows already does, so nothing outside the OS has yet executed and a trusted debugger ( even a trusted debugger in the cloud - as the stack itself is in ROM ) could be invoked to ferret out a rogue application in one's machine.
In the event of a real nasty hacking, the machine could be returned to pristine "out of the box-factory fresh" state by wiping everything from all writable memories - as the erase routine called would be in the ROM and once invoked, doesn't have any secret handshakes to "hold harmless" certain malware that would be sure to use it if there was a secret handshake ... AKA "Security by obscurity is no security at all".
Now, one would be free to add as many apps as he has storage space for. If a rogue app is run, it may make a mess so bad as to require reloading every other executable, but at least you still have an operable machine to work with, and one whose top level cannot be overwritten with rootkits. Once rebooted, the machine can help you figure out which app is causing all the stink so you can get rid of it.
If this is made with the interrupts all in hardware pointing back into the ROM, it would make hijacking interrupts impossible. Yes, it will limit the "flexibility" of the architecture, but personally I would rather deal with hardware limitations than have a machine that's hookable by everyone who wants to have my machine do their bidding at my expense.
For something like this, there is going to have to be a standard interface that has to be adhered to, and clear law denying anyone from "owning" the specifications and rent-seeking on it. No more special drivers for things like USB cameras, mice, keyboards, memory, as standard drivers for these will be in the ROM. No more surprise hostile drivers unless you deliberately install drivers for something that won't natively play nice - and because those drivers are outside the trusted ROM, they can be watched like a hawk to make sure they behave themselves.
Personally, I would like to see it come with a debugger as part of the ROM so it can use a secondary display to view whats going on the kernel much like Resource Monitor with the ability to track and halt on certain processes when the trap specs are met.
Rom is pretty cheap these days... but I do not think its as fast as RAM; I believe that needs a little work, as I believe having any way to write "updates" into the OS by any method is just an invitation to exploitation. As long as one has to have the physical machine in his hand in order to place the write jumper in place, that oughta keep fly-by-night unwanted "system updates" by hostile coders at bay.
All these reports I have been seeing on how machines are under cyberattack makes me really want a machine I can simply trust. It may not be the fastest gaming machine out there, but at least I should be able to talk to my bank knowing I don't have a rogue keylogger running behing my back.
Anyway, that's my dream for a trusted machine... and I hope an open stack that can be verified by everyone is a step in that direction.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Saturday December 06 2014, @10:26AM
You're basically describing a smart phone - or a Chrome book/box - with a more restricted OS that requires the user to open it up to update the OS.
What you want works in theory, but is not practical when deployed. Imagine a company with 1,000 (or more) computers that need an update. The costs of updating would be prohibitive. Now imagine a data center where each server would have to be physically removed from the rack in order for it to be updated. In either case updates would not be rolled out. The time it would take to deploy a critical security update would ensure that many computers would remain vulnerable for far too long.
Consumers are an important segment of the computer market, but business is a more important, and more lucrative segment. Manufactures could make a separate consumer model this these restrictions but they have no incentive other than competition. Who's going to be the first to introduce a more expensive, less flexible system that isn't compatible with any existing software in a market with razor thin margins?
(Score: 1) by anubi on Sunday December 07 2014, @01:40AM
I agree with all except the part about the server having to be removed from the rack.
Industrial server systems may want the jumper access on the front panel. When that jumper or keyswitch is ON, the server is vulnerable and could theoretically be attacked from the net. I make the assumption here that anyone having physical access to the machine is trusted; the cloud is not. A whole rack of machines could be keyed ON, updated, then keyed back OFF. With the purpose of the key only to remind those with responsibility to do this makes sure to turn it back off.
A key left on may well trigger a routine in BIOS to ping a trusted IP address with enough info to indicate the machine has its metaphorical pants down. We all know keyswitches are just about as physically secure as a bathroom door lock - its not there for security; rather it is there for abatement of surprises. This means a trusted employee must make physical contact with the machine in order to update its programming.
I guess its kinda like V_GER insisting on contact from its creator ( Star Trek reference ).
I believe this will be the cost of not having to relive the Sony experience.
Too many management people I have run across were quite penny-wise and pound-foolish when it comes to stuff like this. They seem to have a strong desire to do whatever it takes to cover their own arse, not that of the corporation they work for. Finding someone else to take the hit for a disaster is often cheaper than designing the fault out.
So they buy a seal or something...
I note the people who visit these forums are people who have actually seen things get out of control, and at trillions of operations per second, things can get out of control really really fast.
Left to themselves, the machines will follow any pied piper who toots the correct tune.
Given all the pied pipers out there all tooting away, I do not want my machine to even hear them.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by cafebabe on Saturday December 06 2014, @04:46PM
Your preference for secure rather than fast puts you in good company. In the book Applied Cryptography, Bruce Scheier makes the argument that it is better to have 100% control of 10% of your processing power rather than 0% control of 100% of your processing power.
For applications where speed was an issue, it would be possible to copy PIC [Position Independent Code] to RAM. If ROM size is an issue, it would be possible to implement a memory check and then decompress to RAM. For maximum compression, it would be possible to decompress bytecode to RAM while booting or during use [wikipedia.org]. Overall, these techniques provide several grades between fast and secure.
My ideal secure desktop would implement something like ITRON [wikipedia.org] with a journal data structure which allows state to be persisted during use. This would allow a trivial (bytecode?) graphics driver to initialize and provide output before finding a (native?) optimized driver. It would also allow fallback in the event of a optimized driver crashing. Likewise for the network. Likewise for the windowing. Likewise for browser tabs.
I originally considered this architecture because it annoys me endlessly that XWindows window shading/minimization is implemented within a window manager and therefore all windows maximize when switching window manager. If there was a stateful journal which could be read by a window manager then it would be possible to switch window managers more seamlessly. From here, it applies more generally. Obviously, I reduce a state problem to a namespace problem and this a special form of purgatory. However, it may be of use if you seek stability and security.
You may also be interested in my thoughts about structuring GUI software [soylentnews.org]. From this, I've considered a power user clipboard which works as a stack. Unfortunately, this leads to a problem of resolving possible extra keyboard bindings in a manner which is consistent across devices, interfaces, applications and users. For example, you may think that alt-control-S means "enter super-secret mode" but it actually means "send to all".
1702845791×2
(Score: 2) by c0lo on Saturday December 06 2014, @11:48PM
Would? Did you want to say Coreboot [phoronix.com] but missed the appropriate word?
Example: have a $80 micro-ATX MB (24.4cm x 22.0cm), throw in an I7 and 32GB RAM and make from it [phoronix.com] whatever device you dream of (including your own BGP router to replace the Cisco 512kB-limited routing table one [bgpmon.net], for probably less than $1000).
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Saturday December 06 2014, @12:26PM
It must be safe to predict where this project will go.
All those back doors are belong to us.
(Score: 0) by Anonymous Coward on Saturday December 06 2014, @06:52PM
The missing link: http://blogs.wsj.com/digits/2014/12/04/red-hat-and-huawei-woo-telcos-with-open-source-software/ [wsj.com]