OS News Archive

Samsung’s Tizen is a cracker’s dream

But the operating system is riddled with serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices, according to Israeli researcher Amihai Neiderman.

"It may be the worst code I've ever seen," he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

Raise your hand if you're surprised.

Installing SymbOS on an emulated MSX2+

No fancy introduction or longwinded story about childhood memories, just a quick and relatively easy how-to regarding installing and running SymbOS on an emulated MSX2+. Since it's quite likely you're not aware of what SymbOS and the MSX are, I'll give you a short description of both.

First, the MSX is a standardised home computing platform conceived by Microsoft Japan in the early 80s. It was quite succesful in Japan, and saw decent success in (weirdly) The Netherlands and Spain, but saw little to no adoption in the United States. I didn't have an MSX myself growing up, but a friend of mine had one, and I remember playing games on it with him when I was round 7-8 years old.

SymbOS is - other than a marvellous showcase of programming expertise - a microkernel operating system with preemptive multitasking with a mouse-driven, windows-based graphical user interface. It's available for a number of Z80-based machines of the 80s - the MSX2, MSX2+, MSX TurboR, the complete Amstrad CPC 464/664/6128 range (old and new generation), and all Amstrad PCW models of the 8xxx, 9xxx, and 10 series.

Installing SymbOS on an emulated MSX2+ is actually quite easy.

Tape reel data recovery from a Polish MERA-400

Around May 2015, Andrea “Mancausoft” Milazzo got in touch with Jakub Filipowicz, a Polish guy involved in MERA-400 computer historical researches; Jakub was writing an emulator of this machine, but the operating system was missing and almost unavailable (details on the mera400.pl website ).

Jakub found 5 magnetic tapes at the Warsaw Museum of Technology, containing hopefully copies of the CROOK operating system. The Museum was not able to read them. After some months, he managed to get the tapes, to try a data recovery, extracting the operating system.

Fascinating story with tons of details, definitely a must-read. Interestingly enough - or sadly enough - I can't seem to find a whole lot of information on the MERA 400 in English, and since I don't speak or read Polish, I can't really give much more information than you can find in the source article. There is a Wikipedia page on the MERA 400's progenitor, the K-202.

KolibriOS stored on DNA

In a paper out this week in Science, researchers Yaniv Erlich and Dina Zielinski report successfully using DNA to store and retrieve "a full computer operating system, movie, and other files".

DNA has the potential to provide large-capacity information storage. However, current methods have only been able to use a fraction of the theoretical maximum. Erlich and Zielinski present a method, DNA Fountain, which approaches the theoretical maximum for information stored per nucleotide. They demonstrated efficient encoding of information - including a full computer operating system - into DNA that could be retrieved at scale after multiple rounds of polymerase chain reaction.

Which operating system? Turns out it's KolibriOS, the all-assembler, floppy-based x86 operating system originally based on MenuetOS.

Genode 17.02 uses Linux TCP/IP stack as file system

The just released version 17.02 of the Genode OS framework comes with greatly enhanced virtual file-system capabilities, eases the creation of dynamic system compositions, and adds a new facility for processing user input. Furthermore, the components have become binary-compatible across kernel boundaries by default such that entire system scenarios can be moved from one kernel to another without recompiling the components.

Genode's virtual file-system (VFS) infrastructure has a twisted history. Originally created as a necessity for enabling command-line-based GNU programs to run within Genode's custom Unix runtime, the VFS was later extracted as a separate library. This library eventually became an optional and later intrinsic part of Genode's C runtime. It also happened to become the basis of a file-system-server component. If this sounds a bit confusing, it probably is. But the resulting design takes the notion of virtual file systems to an new level.

First, instead of providing a system-wide VFS like Unix does, in Genode each component can have its own VFS. Technically, it is a library that turns a number of Genode sessions into a file-system representation according the component's configuration. Via those sessions, the component is able to access services provided by other components such as file systems, terminals, or block devices. Furthermore, several built-in file systems are provided locally from within the component. Since the VFS is local to each component, the view of the component's world can be shaped by its parent in arbitrary ways.

By default, each component runs in isolation. Whenever two components are meant to share a certain part of their VFS with one another, both mount a file-system session of the same server into their local VFS. This sharing is a deliberate decision by the component's common parent and thereby subjected to the parent's security policy. One particularly interesting file-system server is the so-called VFS server. It uses an arbitrarily configured VFS internally and exports its content as a file-system service, which can then be mounted in other components. This way, the VFS server can be used to emulate a "global" VFS, or to multiplex access to any file-system types supported by the VFS.

Speaking of supported file-system types, this is where the VFS becomes literally infinitely flexible. The VFS features a plugin interface that incorporates file system types provided in the form of shared libraries. If the VFS configuration refers to a file system type not known by the VFS, a corresponding plugin is loaded. For example, there exists a plugin for generating random numbers based of the jitter of CPU execution time. The file system, when mounted, hosts only a single read-only file that produces random numbers. But VFS plugins can become much more creative. Via the rump-kernel VFS plugin, one can incorporate the file systems of the NetBSD kernel into any VFS-using component. Genode 17.02 furthermore comes with a Plan-9-inspired VFS plugin that makes the Linux TCP/IP stack available as a file system. The C runtime then translates BSD-socket API calls to file-system operations on the socket file system, which, in turn, are handled by the Linux TCP/IP stack. The fascinating part is that this all happens within a single component. Such a component is in fact quite similar to a unikernel.

If two applications ought to share the same TCP/IP stack, the VFS server comes in handy. The Linux TCP/IP stack is then mounted once in the VFS server, which, in turn, provides file-system sessions to the applications. Each application then accesses the TCP/IP stack indirectly through those file-system sessions. In this scenario, the VFS server suddenly becomes a network multiplexer.

The VFS is not the only topic of the current release. Another highlight is the introduction of a application binary interface that makes all components binary compatible across kernel boundaries by default. Combined with the new kernel-independent build directories, it has become possible to move complete system scenarios from kernels as different as L4, NOVA, seL4, or Linux in matter of seconds. Further improvements of Genode 17.02 are the addition of a generic input-event processor, new SD-card drivers, the update to the version 0.8 of the Muen separation kernel, and a new mechanism for managing dynamic subsystems. All the improvements are described in detail in the release documentation.

ToaruOS 1.0.3 released

ToaruOS 1.0 was released 18 days ago, and since then, several bugfix releases have been released. The latest release - the one you want to test - is 1.0.3.

ToaruOS is a complete hobby operating system, including a kernel and userspace with many graphical applications. This is the first release considered to be "user-ready", but please keep in mind that ToaruOS is a hobby project and it may not be stable or suitable for any purpose you might have for an operating system. This release represents the culmination of many years of development, research, and learning.

IT's a remarkably fun operating system, and runs without any problems in VirtualBox. I've played with it a bit during the day, messing around with the basic but elegantly simple UI, browsing the file system, installing a few packages through the graphical package manager, and playing some Quake. It's rare for hobby operating systems to achieve this level of functionality in a 1.0 release, so colour me pleasantly surprised.

ToaruOS's kernel in its current form is 32-bit, non-SMP, monolithic (but modular), and Unix-like. It supports processes, threads, shared memory, files, pipes, TTYs, packet-based IPC, and basic IPv4 networking. Driver modules allow for access to EXT2 and ISO9660 filesystems, PATA and ATAPI disk access for hard drives and CDs, framebuffer support on most virtual machines (as well as bootloader-assisted generic framebuffer support), networking on AMD PCnet FAST, Realtek RTL8139, and Intel PRO/1000-series NICs, PS/2 mice and keyboards, audio on Intel AC'97 chipsets, as well as special support for VirtualBox's guest additions.

The userspace includes a dynamic linker, a full-featured compositing windowing system, many Unix-like utilities, a port of Python 3.6 (including many binding libraries for the ToaruOS windowing environment), and several graphical applications (including a package manager).

The code's on github.

Cambridge Z88 portable ROM 4.7 released

The Z88 Development Team has released a new version of the system ROM for the Cambridge Z88 portable.

It's the result of more than a years work, with many improvements and new features: ISO character set support in filenames and international dates, faster serial I/O, improved RAM applications, better responsiveness. Rock-stable software that enables to run your Z88 for many months with re-booting.

The team also outlines its plans for the future:

The next step for the coming years is to re-implement the Z88 on low-power FPGA, minimum 10 X faster CPU, 800x600 screen resolution, up to 1Gb of RAM, SD-card filing system, VGA/HDMI output, improved operating system with new Unix-like command line Shell, ELF for Z80 executables + shared libraries, and integrated Zip arching in filing system. Emulators and developer tools will also be freely available.

First public alpha of axle released

axle is a small UNIX-like hobby operating system. Everything used within axle is implemented from the ground up, aside from the bootloader, for which we use GRUB. axle is a multiboot compliant kernel. axle runs C on 'bare metal' in freestanding mode, meaning even the C standard library is not included. A subset of the C standard library is implemented within axle's kernel, and a userspace version is planned. axle is mainly interfaced through a shell.

Open source, custom educational operating system. The first public alpha release is out.

OpenVMS port to x86 update

VSI (the men and women porting OpenVMS to x86 hardware) has released an update outlining some of the issues so far in porting this old battleship of an operating system to x86 and liberating it from IA64.

This update provides a high level view of our current efforts to port OpenVMS to the Intel x86 hardware platform. The report highlights topics including: Compilers, Objects & Images, Early Boot Path, Virtual Machines, Dump Kernel, Paravirtualization, and Condition Handling.

Still a long way to go, but it is exciting for VMS fans.

Jehanne: a Plan 9-based operating system

Jehanne is a new distributed operating system designed for programmers. The core values that lead the development are simplicity and security. Jehanne is a fork of Harvey (which in turn is a fork of Plan 9 from Bell Labs merged with Nix's kernel sources) but diverges from the design and conventions of its ancestors whenever they are at odds with its goals. Read about development progress made in 2016.

Rux: a hobbyist microkernel written in Rust

Rux's goal is to become a safe general-purpose microkernel. It tries to take advantage of Rust's memory model - ownership and lifetime. While the kernel will be small, unsafe code should be kept minimal. This makes updating functionalities of the kernel hassle-free.

Rux uses a design that is similar to seL4. While there won't be formal verification in the short term, it tries to address some design issues of seL4, for example, capability allocation.

The code is very approachable for anyone interested in capability-based microkernel design.

Alexa: Amazon’s operating system

In short, Amazon is building the operating system of the home - its name is Alexa - and it has all of the qualities of an operating system you might expect:

  • All kinds of hardware manufacturers are lining up to build Alexa-enabled devices, and will inevitably compete with each other to improve quality and lower prices.
  • Even more devices and appliances are plugging into Alexa's easy-to-use and flexible framework, creating the conditions for a moat: appliances are a lot more expensive than software, and much longer lasting, which means everyone who buys something that works with Alexa is much less likely to switch.

It's definitely an interesting case to make - and Ben Thomspon does it well - but I still have a very, very hard time seeing voice-driven interfaces as anything but a gimmick at this point in time. Every point I made about this subject in the Summer of 2016 still stands today - limited functionality, terrible speech recognition, inability to deal with dialects and accents, and the complete and utter lack of support for people who live multilingual lives.

I can't hammer this last point home often enough: not a single one of the voice-driven interfaces we have today - Alexa, Siri, Google Now, Google Assistant, Cortana, whatever - support multilingual use. Some of them may allow you to go deep into a menu structure to change input language (while some, like smartwatches, even require a full wipe and reset), but that's not a solution to the problem of switching language sometimes even several times a minute, something multilingual people have to do dozens of times every day. And again - there are literally hundreds of millions of people who lead multilingual lives.

Heck, Alexa is only available in English and German!

If voice-driven interfaces are really as important as people make them out to be, they've got at least a decade of development ahead of them before they become actually useful and usable for the vast majority of the world.

Rust-based Redox OS 0.0.6 Released

Redox OS, a microkernel OS written in Rust, hast just released version 0.0.6, which includes bug fixes and and update to Rust.

From the project's 2016 in review post:

Today, we have a pretty mature project. It contains many core, usable components. It is already usable, but it is still not mature yet to be used as a replacement for Linux (like BSD is), but we’re slowly getting there.

The kernel was rewritten, a memory allocator was added, rendering libc out of the dependency chain, several applications were added, a file system were added, a window manager and display server was implemented, and so on.

Two old stories, more relevant today than ever

Me, almost seven years ago (2010), about the dearth of news about alternative operating systems:

OSNews has moved on. As much as it saddens me to see the technology world settling on Macwinilux (don't flatter yourself, those three are pretty much the same), it's a fact I have to deal with. It's my job to fill OSNews with lots of interesting news to discuss, and even though I would love to be able to talk about how new and exciting operating systems are going to take over the desktop world, I have to be realistic too. Geeks (meaning you and I) have made a very clear choice, and it doesn't seem like anything's about to bring back those exciting early days of OSNews.

Me, almost four years ago (2013), about why there are no mobile hobbyist operating systems:

So, what is the cause? I personally think it has to do with how we perceive our smartphones and tablets. They are much more personal, and I think we are less open to messing with them than we were to messing with our PCs a decade ago. Most of us have only one modern smartphone, and we use it every day, so we can't live with a hobbyist operating system where, say, 3G doesn't work or WiFi disconnects every five seconds due to undocumented stuff in the chip. Android ROMs may sound like an exception, but they really aren't; virtually all of them support your hardware fully.

With people unwilling to sacrifice their smartphone to play with alternative systems, it makes sense that fewer people are interested in developing these alternative systems. It is, perhaps, telling that Robert Szeleney, the programmer behind SkyOS, moved to developing mobile games. And that Wim Cools, the developer of TriangleOS, moved towards developing web applications for small businesses. Hard work that puts food on the table, sure, and as people get older priorities shift, but you would expect new people to step up to the plate and take over.

So far, this hasn't happened. All we can hope for is that the mobile revolution is still young, and that we should give it some more time for a new, younger generation of gifted programmers to go for that grand slam.

I sincerely hope so.

I don't know, for some mysterious reason I figured I'd link to these seven and four year old stories.

Harvey OS meets RISC-V

Ending this year, Ron G. Minnich has got Harvey running in RISC-V architecture, booting Harvey on Spike (ISA Simulator) and running rc shell on it. But he never rests and now is working on bringing it to QEMU and to FPGA. It's a big step for Harvey because we fixed some multiarch issues across the source and Ron found some bugs in timer interrupts in the hardware, so we all learned something.

What is Harvey OS?

Harvey is an effort to provide a modern, distributed, 64 bit operating system. A different environment for researching and finding new lines of work. It can be built with gcc and clang and has an ANSI/POSIX compliant subsystem.

Two news items about alternative operating systems in a row?

The year's off to a good start.

FreeDOS 1.2 released

The FreeDOS 1.2 release is an updated, more modern FreeDOS. You'll see that we changed many of the packages. Some packages were replaced, deprecated by newer and better packages. We also added other packages. And we expanded what we should include in the FreeDOS distribution. Where FreeDOS 1.0 and 1.1 where fairly spartan distributions with only "core" packages and software sets, the FreeDOS 1.2 distribution includes a rich set of additional packages. We even include games.

But the biggest change you are likely to notice in FreeDOS 1.2 is the updated installer. Jerome Shidel wrote an entirely new FreeDOS install program, and it looks great! We focused on keeping the new installer simple and easy to use. While many DOS users in 2016 are experienced DOS programmers and DOS power users, we often see many new users to FreeDOS, and I wanted to make the install process pleasant for them. The default mode for the installer is very straightforward, and you only have to answer a few questions to install FreeDOS on your system. There's also an "Advanced" mode where power users can tweak the install and customize the experience.

Great Christmas gift.