I agree that a small, special purpose OS would probably be more suitable for safety-critical systems. On the other hand I highly doubt that the safety-culture is better at Boeing than in the Linux ecosystem.
I’d expect it to be about the same, with 737 MAX, yes, on one side and too many examples on the other.
You forget to take into account that every Boeing employee knows they are building systems that can kill people if things go wrong. Meanwhile on Linux a lot of bugs really don’t matter that much, especially in -rc and otherwise non-LTS versions.
Taking that into account their safety culture is much worse.
For a company building bloody airplanes - yes, I totally agree.
Linux and the open source community may be chaotic … but companies like Boeing are completely corporate and they will risk or even sacrifice safety if it means making a few extra million or preventing the loss of millions in profits. They’ll calculate how much it will cost to make settlements with the families of the dead or to issue changes or recalls and figure out which is cheaper … pay off the dead or fix the problem. If paying off the dead is cheaper, they don’t mind watching the body count.
Honestly just anti-FOSS rambling. Nothing is stopping them from making a custom hardened kernel with what they need. What they want is someone else to cater for them.
ELISA (Enabling Linux in Safety Applications) Project announced that Boeing has joined as a Premier member, marking its commitment to Linux and its effective use in safety critical applications. Hosted by the Linux Foundation, ELISA is an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems.
I imagine this means they’re contributing both actively and financially to Linux.
Are there any points in their slide deck which you can really say are inaccurate? As a long-time Linux proponent myself, I actually can’t.
That is rich coming from the people that programmed the Boeing 737 MAX…
Yeah, if the first argument is “Linux does not have the safety culture”, the first thing should be for the question of “do the current offerings have it” to show up.
Well, NASA trusts Linux enough to send it to Mars. They build rockets, so it should be good enough for flying busses. Unless you don’t trust your software engineers, but then having them build a custom microkernel OS instead sounds not much better.
Every NASA crewed launch to ISS from US soil is on a stack that uses Linux for avionics: Falcon 9 and Dragon 2. The Starlink constellation is also a massive deployment of Linux nodes in space.
The backup NASA commercial crew system from the 737 Max people hasn’t flown people yet and probably won’t this year, perhaps never. They somehow managed to have two critical software failures on their first orbital flight test, either of which would have caused loss of vehicle without intervention. Both should have been caught with comprehensive testing.
What?
I work in ATC (air traffic control) and everything runs on Linux, from radar correlation to flight data processing.
And it’s not just us, most air navigation service providers in the world work the same way.
LinuS does not have a software engineering culture
What?
Yeah, didn’t get that one either.
There aren’t project managers is basically what it sums up to.
Something something personal attack on Linus, who still manages to this day every merge in master.
You know, he has no software engineering culture developing his software engineering masterpiece over 20 years, as opposed to the impeccable software engineering culture at Boeing.
Absolute clowns.
Claims Linux doesn’t have a culture that guarantees quality. Makes obvious typo in the slide that claims this.
The only real “problem” would be the lack of certifications, which are quite hard to get.
Real Time Operating Systems (RTOS) are normally used for these tasks, but, AFAIK, there are already projects using Linux with patches to make it run an RTOS kernel.
In my opinion, I think it all depends on what part of the plane it is running. If it is a core sensor, providing real time data, it makes a lot of sense to use an RTOS. It needs to prove it can run its tasks on time, and the scheduler needs to be understandable. There’s also a lot of overhead with running a full OS with processes, which doesn’t make sense for a sensor whose only function is to provide data over a CAN/LIN bus.
But, for other things, like dashboard visualizations, music for the aircraft, entertainment, and those non-critical-realtime needs, then it makes a lot of sense to run Linux. After all, you’d get access to a lot of already built software and a working dev environment.
And don’t get me wrong, this is clearly BS from Boeing to keep selling their closed source software. There are already open source RTOS systems, like FreeRTOS. I do not mean to keep those real time systems closed, but to use a full OS where it makes sense and an RTOS where that makes more sense. Both open source!
Isn’t hard real time in the kernel now?
I remember there were talks about merging the patches and making it an option when building. I don’t know the current status of that.
On real time operating systems, like FreeRTOS, not only the kernel is real time but everything else is too. Like: you can guarantee your call on the I2C and SPI won’t take more than 5ms, for example, even with hardware issues. The whole environment is built around the hardware realtime concept.
That makes sense, and yeah I imagine the problem isn’t the entertainment system.
I just don’t get the last paragraph. I don’t know if using Linux affects their code being OS or not. If they’re just running it on top of Linux and not modifying it, it probably won’t be a GPL violation to keep it closed.
Boeing has their own RTOS, which they might be using on more than “real time critical” software. What I mean is: embrace open source, be it Linux or some other OS more specific for that task, but open source all the things!
A bunch of bullshit so that Boeing can sell the shit they want to sell.
I’d be interested in hearing what they are using for safety-critical OS. Notice they said “software engineering” and not “OS”, which makes me think they’re running on Windows.
Most Windows drivers also run in kernel mode.
For avionics, I doubt that they would use a traditional OS. As far as I’m aware, Microsoft doesn’t have safety-certified builds of Windows with a real time kernel. Certifying a Linux build would also be a huge and costly endeavor. What they are likely using is a certified RTOS, like VxWorks, RTEMS, ThreadX, SafeRTOS, etc., or even Ada with the Ravenscar profile. You don’t really “develop” applications for these, you instead incorporate them as libraries inside your application and compile the RTOS into your application, and then run it on bare metal. Infotainment systems on the other hand will use more traditional OSes.
A lot of the presentation seems to be rather typical of the aerospace industry, which is all about safety. I’m not too convinced that this is due to Boeing being Boeing, but rather that DO-178 compliance is a removed, ITAR can be another removed, and certifying not only a single build of the Linux kernel but also an entire distro build will be a superhuman effort. At best it’ll take a long time with a sizeable team. Not sure that Boeing would be willing to fund that.
Yeah, coming from nuclear, all of the buzzwords make sense. Ofc, nuclear has decided blindly trusting Windows for everything is cyber security so… 😂😭
I doubt they run on Windows tbh. If they take issue with the monolithic design of Linux, then Windows would be an even bigger problem.
Also, most of the devices in question are probably small controllers, incapable of running Windows. (Microsoft are struggling to run it on ARM so…)
Windows kernel isn’t monolithic, hence why you need to install drivers from random websites.
Windows is not used for avionics and safety critical systems, it is also not a real time OS.
LynxOS and VxWorks are a couple that are used.
The development processes are highly regulated, which would be more difficult to integrate.
I’m happy to hate on Windows as much as the next guy, but in this case it’s probably stuff like VxWorks, which makes sense since it’s a battle-tested RTOS.
Their excuse and PR jargon is still BS though.
Those slides look like they’re written by someone who doesn’t understand Linux. Though Boeing and safety don’t seem to go hand in hand nowadays if that documentary about their safety standards and engineering is to be believed. Blaming foreign pilots that got killed because of engineering changes that pilots weren’t fully trained on was low. Especially given how many airlines actually insisted on training for these systems but seemed to be fobbed off.
I’d rather fly Airbus.
Some context: https://www.bbc.co.uk/news/business-54174223
Something to understand here, it is exactly the same with the automotive industry. It is almost never about the actual safety, let me explain.
If you work as a safety engineer in a company like Boeing, the name of the game is to not be responsible for the safety of a component at all. You always hide behind some kind of certifications then always ask a contractor to do it. The contractor might be scared too so will ask for a subcontractor and so on until someone is in an obscure jurisdiction or brave enough to just develop the software like almost anyone else but just with someone rubber-stamping the paperwork.
The safety engineer will have the paperwork so for them, it is safe! If there is an issue, this is not them.
So for them Linux is absolutely out of the question, who wants to sign a paper for it?