Open Source

30-Year-Old Operating System 'PC-MOS/386' Finally Open Sourced (github.com) 117

PC-MOS/386 "was a multi-user, computer multitasking operating system...announced at COMDEX in November 1986," remembers Wikipedia, saying it runs many MS-DOS titles (though it's optimized for the Intel 80386 processor).

Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."

1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."
Intel

Intel Launches Xeon Scalable CPUs: Dual Xeon Platinum 8176, 112 Threads Tested (hothardware.com) 54

MojoKid writes: Intel announced its new Xeon Scalable processor family based on the 14nm Skylake-SP microarchitecture a few weeks back, though today marks the official launch of the platform. Not only do these processors feature a new microarchitecture, but Intel has also revamped the naming convention and arrangement of the Xeon product stack, branding them with Platinum, Gold, Silver, and Bronze model families. Intel Xeon Scalable series processors feature core counts ranging from 4 to 28, with varied frequencies and cache configurations. Workstation processors and lower-core count server chips top out in the 3.2GHz -- 3.6GHz range, while the higher-core count products typically fall in the 2GHz -- 2.7GHz range. Six memory channels are supported and the chips have 48 lanes of integrated PCIe 3.0 connectivity. Power envelopes range all the way from 70W on up to 205W. The Xeon Scalable series also introduces new security, virtualization, and storage-related features, more memory bandwidth, support for AVX-512 extensions, a mesh interconnect, and enhanced hardware controlled power management, among a host of other architectural improvements. Testing of a 2P Xeon Platinum 8176 system, sporting 56 physical cores / 112 threads shows significantly increased performance and bandwidth, with only moderately higher power consumption versus a previous-gen 2P Xeon E5-2679 v4-based system.
Network

Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer? 237

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Software

Ask Slashdot: What's the Best Working Environment For a Developer? 360

New submitter Dorgendubal writes: I work for a company with more than a thousand developers and I'm participating in activities aimed at improving the work experience of developers. Our developers receive an ultrabook that is rather powerful but not really adapted for development (no admin rights, small storage capacity, restrictive security rules, etc.). They also have access to VDIs (more flexibility) but often complain of performance issues during certain hours of the day. Overall, developers want to have maximum autonomy, free choice of their tools (OS, IDE, etc.) and access to internal development environments (PaaS, GIT repositories, continuous delivery tools, etc.). We recently had a presentation of VMware on desktop and application virtualization (Workstation & Horizon), which is supposedly the future of the desktops. It sounds interesting on paper but I remain skeptical.

What is the best working environment for a developer, offering flexibility, performance and some level of free choice, without compromising security, compliance, licensing (etc.) requirements? I would like you to share your experiences on BYOD, desktop virtualization, etc. and the level of satisfaction of the developers.
Intel

Intel Supercharges Atom Chips With 16 Cores and Pro Level Features (pcworld.com) 77

Agam Shah, writing for PCWorld: Intel's Atom was mostly known as a low-end chip for mobile devices that underperformed. That may not be the case anymore. The latest Atom C3000 chips announced on Tuesday have up to 16 cores and are more sophisticated than ever. The chips are made for storage arrays, networking equipment, and internet of things devices. The new chips have features found mostly in server chips, including networking, virtualization, and error correction features. [...] A surprising feature in C3000 is RAS (reliability, availability, and serviceability) capabilities, which is mostly found on high-end Xeon chips. The feature corrects data errors on the fly and prevents networking and storage equipment from crashing.
Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 56

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Open Source

GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org) 47

Long-time Slashdot reader paranoidd writes: GoboLinux announced Thursday the availability of a new major release. What's special about it is that it comes together with a container-free filesystem virtualization that's kind of unique thanks to the way that installed programs are arranged by the distro. Rather than having to create full-fledged containers simply to get around conflicting libraries, a lightweight solution simply plays with overlays to create dynamic filesystem views for each process that wants them. Even more interesting, the whole concept also enables 32-bit and 64-bit programs to coexist with no need for a lib64 directory (as implemented by mostly all bi-arch distributions out there).
"Instead of having parts of a program thrown at /usr/bin, other parts at /etc and yet more parts thrown at /usr/share/something/or/another, each program gets its own directory tree, keeping them all neatly separated and allowing you to see everything that's installed in the system and which files belong to which programs in a simple and obvious way."
AMD

AMD Introduces Radeon Instinct Machine Intelligence Accelerators (hothardware.com) 55

Reader MojoKid writes: AMD is announcing a new series of Radeon-branded products today, targeted at machine intelligence and deep learning enterprise applications, called Radeon Instinct. As its name suggests, the new Radeon Instinct line of products are comprised of GPU-based solutions for deep learning, inference and training. The new GPUs are also complemented by a free, open-source library and framework for GPU accelerators, dubbed MIOpen. MIOpen is architected for high-performance machine intelligence applications and is optimized for the deep learning frameworks in AMD's ROCm software suite. The first products in the lineup consist of the Radeon Instinct MI6, the MI8, and the MI25. The 150W Radeon Instinct MI6 accelerator is powered by a Polaris-based GPU, packs 16GB of memory (224GB/s peak bandwidth), and will offer up to 5.7 TFLOPS of peak FP16 performance. Next up in the stack is the Fiji-based Radeon Instinct MI8. Like the Radeon R9 Nano, the Radeon Instinct MI8 features 4GB of High-Bandwidth Memory (HBM) with peak bandwidth of 512GB/s. The MI8 will offer up to 8.2 TFLOPS of peak FP16 compute performance, with a board power that typically falls below 175W. The Radeon Instinct MI25 accelerator will leverage AMD's next-generation Vega GPU architecture and has a board power of approximately 300W. All of the Radeon Instinct accelerators are passively cooled but when installed into a server chassis you can bet there will be plenty of air flow. Like the recently released Radeon Pro WX series of professional graphics cards for workstations, Radeon Instinct accelerators will be built by AMD. All of the Radeon Instinct cards will also support AMD MultiGPU (MxGPU) hardware virtualization technology.
AMD

Researchers Point Out 'Theoretical' Security Flaws In AMD's Upcoming Zen CPU (bleepingcomputer.com) 57

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.

[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.

Open Source

After 22 Years, 386BSD Gets An Update (386bsd.org) 83

386BSD was last released back in 1994 with a series of articles in Dr. Dobb's Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github.

386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: "If 386BSD had been available when I started on Linux, Linux would probably never had happened."

Though it was designed for Intel 80386 microprocessors, there are already instructions for launching it on the hosted hardware virtualization service Qemu.
Security

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 172

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. 
As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins will also be able to control whether untrusted sites can use the clipboard or print.
Operating Systems

Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host (itnews.com.au) 73

Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update the dom0 operating system to the latest version.
"A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"
Network

A Solution To the Security Guidelines Proposed By FCC For Home Routers (imgtec.com) 55

An anonymous reader writes: Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community who demanded that the FCC and manufacturers would not restrict the free use of the operating system and associated software running on their devices. Now Imagination Technologies is presenting a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of a feature of MIPS Warrior CPUs called multi-domain, secure hardware virtualization. This technology allows developers to create system-wide, hardware-enforced trusted environments that are much more secure compared to current solutions. The platform used for the demonstration runs three virtual machines (VMs) on a MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines. Ars Technica has more details.
Microsoft

Head of Oracle Linux Moves To Microsoft (zdnet.com) 95

An anonymous reader writes: Wim Coekaerts, formerly Oracle's Senior VP of Linux and Virtualization Engineering, has left Oracle for Microsoft. Many of you may know of Coekaerts as "Mr. Linux" as he delivered the first Linux products, transitioned Oracle's programming staff from Windows to Linux desktops, and turned Oracle into a Linux distributor with the launch of its Red Hat Enterprise Linux (RHEL) clone, Oracle Linux. Mike Neil, Microsoft's Corporate Vice President of the Enterprise Cloud, told ZDNet, "Wim Coekaerts has joined Microsoft as Corp VP of Open Source in our Enterprise Cloud Group. As we continue to deepen our commitment to open source, Wim will focus on deepening our engagement, contributions and innovation to the open-source community."
Space

Can NASA's Gryphon-X Project Save America? (thestack.com) 44

An anonymous reader writes: The Institute for Critical Infrastructure Technology, which advises both government and industry, has released an unusually fervent paper calling for NASA to push harder for funding for a massive cybersecurity project called Gryphon-X, which it claims has been lost in congressional confusion and administrative bureaucracy. Details are scarce as to how Gryphon-X could prevent cyber-incursions such as AnonSec's attempted drone sabotage in February, or even what new technologies might be on the table, but mentions that a significant new site would be built in Silicon Valley, and would include academic facilities. Extending Gryphon-X's scope far beyond NASA's security to a global role, the authors write that it would contain 'the fusion center, virtualization environment, and cyber-physical capabilities needed to analyze, prepare, and prevent threats like these from harming the nation, its organizations, or its people.'
Cloud

CoreOS Launches Rkt 1.0 (eweek.com) 50

darthcamaro writes: Docker is about to get some real competition in the container runtime space, thanks to the official launch of rkt 1.0. CoreOS started building rkt in 2014 and after more than a year of security, performance and feature improvement are now ready to declare it 'production-ready.' While rkt is a docker runtime rival, docker apps will run in rkt, giving users a new runtime choice: "rkt will remain compatible with the Docker-specific image format, as well as its own native App Container Image (ACI). That means developers can build containers with Docker and run those containers with rkt. In addition, CoreOS will support the growing ecosystem of tools based around the ACI format."
Businesses

Docker Moves Beyond Containers With Unikernel Systems Purchase (thenewstack.io) 69

joabj writes: Earlier today, Docker announced that it had purchased the Cambridge, U.K.-based Unikernel Systems, makers of the OCaml-based MirageOS, a unikernel or "virtual library-based operating system." Unikernels go beyond containers in stripping virtualization down to the bare essentials in that they only include the specific OS functionality that the application actually needs. Their design builds on decades of research into modular OS design. Although unikernels can be complex to deploy for developers, Docker aims to make the process as standardized as possible, for easier deployment.
Open Source

Linux Kernel 4.4 LTS Officially Released 132

prisoninmate writes: January 10, 2016, will enter in the Linux history books as the day when the Linux kernel 4.4 LTS (Long-Term Support) has been officially released by Linus Torvalds and his team of hard working kernel developers. Prominent features of Linux kernel 4.4 LTS include 3D support in the virtual GPU driver, allowing for 3D hardware-accelerated graphics in virtualization guests, a leaner and faster loop device that supports Asynchronous I/O and Direct I/O, thus increasing the system's performance and saving memory, and support for Open-Channel Solid State Drives (SSDs) through LightNVM. Phoronix also took a look during the newest kernel's development cycle, and has an overview of 4.4's new features.
Cloud

Amazon Makes It Almost Impossible To Calculate Their "Virtual CPU" Equivalent (informationweek.com) 114

dkatana writes: AWS started out defining its virtual CPUs as being composed of EC2 compute units, or ECUs, which it defined as an equivalent to a physical Xeon processor. However, a virtual CPU now looks suspiciously variable... A virtual CPU is whatever Amazon wants to offer in an instance series. The user has no firm measure to go by. From the article: "[B]y doing a little math, you could actually compare what you were getting in virtual CPUs in EC2 versus Azure. Also by doing a little math, you knew how to compare one Amazon instance to another based on the ECU count in each virtual CPU. Microsoft didn't look too bad in the comparison. That is one of the casualties of the nomenclature change. I have searched for updated information on how a virtual CPU is measured and found nothing comparable to the definition of the 2012 ECU measure. I have questioned Amazon representatives three times between Oct. 27 and Dec. 21, and don't have much of an answer."
Windows

Microsoft Windows Server 2016 Moving To Per-Core Licensing (arstechnica.com) 288

rbrandis writes: Windows Server 2012 has two main editions, Standard and Datacenter. They had identical features, and differed only in terms of the number of virtual operating system instances they supported. The licenses for both editions were sold in two-socket units; one license was needed for each pair of sockets a system contained.

Windows Server 2016 reinstates the functional differences between Standard and Datacenter editions. Datacenter will include additional storage replication capabilities, a new network stack with richer virtualization options, and shielded virtual machines that protect the content of a virtual machine from the administrator of the host operating system. These features won't be found in the Standard edition.

Windows Server 2016 licensing moves to a per core model. Instead of 2012's two socket license pack, 2016 will use a 2-core pack, with the license cost of each 2016 pack being 1/8th the price of the corresponding 2 socket pack for 2012. Each system running Windows Server 2016 must have a minimum of 8 cores (4 packs) per processor, and a minimum of 16 cores (8 packs) per system.
