Opinion Indian mythology is rich beyond measure in tales of gods, demons, and humans doing battle. Deception, alliances, betrayal, supernatural weaponry, and devastating consequences tangle with morality and greed. If you think that sounds like today's global technology maelstrom, that's forgivable.

So when the Indian Ministry of Defence announced that it would be ditching Microsoft Windows in favor of "locally developed" open source Maya OS to increase security, it's fair to see this as part of the great cycle of conflict between FOSS and proprietary systems. Such decisions are never purely pragmatic, even though that's frequently the justification, and when policy rather than practicality has the upper hand, the results can be excitingly mixed.

Let's stick to the practical for starters. We all know what Windows is, what it does, and why it has such a special place in our hearts - Maya OS is new. It is also "developed by government agencies within six months [and] is capable of preventing cyber threats and malware attacks," according to reports. It's actually Ubuntu with a Windows-like front end and some extra endpoint security.

That doesn't seem so bad. Although the system is expected to roll out across the many parts of the Ministry of Defence and armed forces, the migration is staged, with each part going through its own evaluation process. Sane so far. If you look at the rolling news of new vulnerabilities and attacks, then yes, Linux on the desktop is far less malware-y than Redmond's legacy-laden lash-up. If that's because there are fewer targets to attack with a Linux desktop, it doesn't make it not true. That's not the point.

The history of migrating from Windows to Linux is not so great. Not so much demons in the details as entire circles of Hell vomiting up squadrons of the beasts. Famously, the administration of Munich signed up to Club Penguin only to come sobbing back to Microsoft. That wasn't because of any technical superiority deep in the guts of the OS, but because the organization needed to use many hundreds of third party line-of-business packages and services that really didn't like Linux. If you spend all your money trying to fix that and fail, it doesn't matter how free and open the alternative is.

That was years ago, and lessons have been learned. Also, the military has a reputation for standing apart from the civilian commercial market - it's prepared to pay to have things work its own way, especially as the strong right hand of the state.

That's always been a miscomprehension. Sure, the military has a lot of unique features, including weapons-festooned aircraft, ships, and land vehicles exempt from safety standards. Those, and the unfashionably clad people who operate them, are what it's all about. Only they're not: they're the admittedly unorthodox sales, marketing, and distribution departments of a large and ungainly organization. Most of the military spends most of its time doing logistics, budgeting, planning, and general management hoo-ha, much like everyone else. Admittedly, the HR department can shoot employees for missing targets, but it's only the paperwork that's stopped the practice spreading into the bigger consultancies.

For any organization with or without guns, it's not the desktop that stops Linux on the desktop. For it to work, you must be prepared to actively drive an ecosystem competitive with the global corporate overlordship of Microsoft. If you don't, you'll fall behind - or you'll end up in the same place as everyone else.

Nor does Linux on the desktop do much to protect data held elsewhere in the infrastructure from phishing, supply chain attacks, criminality, and corruption. You do get extra security, but not much that matters, especially if you're a high-profile target of intense interest to, say, the Chinese defense establishment. Indian policymakers are as bright as any, so they'll know this.

Thus the saga turns from pragmatism to real policy, and that looks very much like flag-flying. Every country has a dose of this, especially in areas like technology and defense, which are prime targets for domestic pride, independence, and state largesse. It so rarely works that way, and history is replete with corpses entombed on beds of burned cash. The UK had ICL, India had ECIL - of which much more can be found on the excellent
Asianomics YouTube channel. The temptation is ever there, th ough, especially when a state finds itself dependent on technology from a country it has cooled towards, and 2020s geopolitics has not done much for India and America.

The biggest clue that this is the real motivation behind Maya OS is the official description of it as a native OS developed in six months that prevents malware and viruses. None of that is true, all of it paints a picture of superior local abilities leaping ahead of the rest of the world, in the service of national security.

There is absolutely a case for using Linux to enhance endpoint security on user platforms. Chromebook provides it - but only when you use it as part of a larger, coherent infrastructure story. If the Indian state decided to take that path as part of a "doing it right top to bottom" with the resources and motivation of a modern state, we could be reading a whole new chapter in the cosmic saga of data and demons.

As it is, the chances are high that we'll have seen this one before - less hit, more myth. ®

https://www.theregister.com//2023/08/14/opinion_column_india/