Category Archives: Community

Community related news

Arca Noae Package Manager version 1.0.3 has been released

Arca Noae is pleased to announce the immediate availability of an updated Arca Noae Package Manager for ArcaOS, OS/2, and eComStation. (1.0.3)

This is a minor update, featuring various fixes and enhancements:

Ability to select specific platform for package installation/replacement.
Better filtering of duplicate packages in lists.
Improved message formatting.
Improved and expanded help guide, with more “how-to” references.
Updated included libraries.
Various bug fixes and other minor improvements.

Arca Noae Package Manager is available in English with Spanish, French, Italian, German, Dutch, and Swedish language packs. Some have added help file translations in this version.

This open source utility is available to everyone, free of charge, regardless whether you have an Arca Noae software subscription or an ArcaOS license.

Please review the wiki for important first-time installation and upgrade notes and other tips.

Support FreeRDP for OS/2!

If you have a need to access a remote Windows desktop, the best option is using a Remote Desktop Protocol (RDP) client. Using RDP, the local system’s drives may be mapped (redirected) into the remote system to access local files, and even audio from the remote system may be redirected to the local system.

Currently, the RDP client of choice on OS/2 is RDesktop, ported by Andrey Vasilkin. However, RDesktop is showing its age, and a newer, more active project, FreeRDP, has become very well known.

Andrey proposes porting FreeRDP to OS/2, which poses its own set of challenges, so in order to do that, he needs support from the OS/2 user base. This project will take several months, but when he is done, all users of OS/2 warp, eCS, and ArcaOS will have a free, modern, remote access tool.

Sponsoring units for this work may be purchased in the Arca Noae store, in $15, $25, $50, and $100 increments, and of course, it is possible to purchase multiple units at one time.

As with all of the sponsoring collected through Arca Noae 100% of your donation (subject to currency conversion) goes to the project or to the developer. Arca Noae absorbs any related transfer fees.

Arca Noae Package Manager version 1.0.2 has been released

Arca Noae is pleased to announce the immediate availability of an updated Arca Noae Package Manager for ArcaOS, OS/2, and eComStation. (1.0.2)

This is a minor release, but with lots of new functionality, including:

Prioritization of installed/updated packages, and prompted rebooting (should eliminate various problems when updating all packages).
Export & import of package lists, designed to make it easier to keep different systems in sync or when a complete refresh is required.
Fixed problems filtering out spurious checksum messages.
Improved error message formatting overall.
Program now gracefully handles bad or offline repositories.
Secure repositories can now be disabled/enabled in Repository Manager.
Cancelling credential entry for a secure repository now automatically
disables it.
Some changes to menu names and arrangement.
Improved and expanded help guide.
Various bug fixes and other minor improvements.

Arca Noae Package Manager is available in English with Spanish, French, Italian, German, Dutch, and Swedish language packs. Some have added help file translations in this version.

This open source utility is available to everyone, free of charge, regardless whether you have an Arca Noae software subscription or an ArcaOS license.

Please review the wiki for important first-time installation and upgrade notes and other tips.

Policy statement concerning Spectre and Meltdown exploits

Spectre and Meltdown are terms used to describe two potential exploits in a class of security attacks commonly termed “timing attacks” because they access data which may be sensitive in nature (passwords and other information) from areas of memory which may only be available at specific times (either moved elsewhere or removed entirely at other times). They belong to the more general class termed “side-channel attacks,” because they exploit the hardware itself, rather than breaking encryption or utilizing a software flaw. For more technical information regarding these exploits, please refer to the links section, below.

Arca Noae engineers are monitoring the situation, and while there is still much contradictory information crossing the internet at this time, we believe we have been able to assess at least some of the risk and provide some guidance to users of the OS/2 platform (OS/2 Warp, eComStation, and ArcaOS). As further reliable information becomes available, this post will be updated to reflect any change in Arca Noae’s position and any actions we may plan to take.

General information

In order to gain access to any information in privileged memory using one of these exploits, a user-level application must be launched on the specific machine to be compromised. This means that presently, an OS/2 executable must be used as the attack vector. As of this writing, we are not aware of any such code which executes on the OS/2 platform.

Browser-based attacks (running JavaScript) appear to require greater precision in a high-resolution timer than is currently available on OS/2, making such exploits more difficult than on other platforms, if not altogether impossible. It should also be noted that any such JavaScript-based attack would have to also be specifically designed to handle access to memory regions as managed by OS/2 (in other words, a malicious JavaScript program must be written for OS/2 and specifically to run in the OS/2 browser version in which it is running; a JavaScript program written for Windows or Linux will not work on OS/2). Realistically, the chance of this level of coding detail is extremely small.

Risks – virtual installations vs bare metal

By far, virtualized environments (running OS/2 as a guest under some other more vulnerable platform) are at the greatest risk, because the host system may rightly have access to the guest’s memory and virtualized processor. A host running a vulnerable operating system with an exploitable CPU which remains unpatched is the greatest concern. Arca Noae believes bare metal installations of OS/2-based operating systems are at much less risk.

Arca Noae’s current strategy

To date, we have not identified a need for a kernel patch to mitigate the risk of any hypothetical Spectre or Meltdown attack against OS/2-based systems. We continue to monitor the available information and will adjust our strategy as conditions require.

Arca Noae’s current recommendations

For virtualized and bare metal installations, Arca Noae recommends only running software obtained from trusted sources. Per stand practice, reasonable security precautions should be taken when accessing the internet, particularly when visiting unfamiliar or untrusted sites, and browser cache should be cleared regularly. The use of a NAT firewall is also encouraged (either a separate one, as built into a broadband router or at a minimum, a software firewall running on the local OS/2 system, such as InJoy Firewall).

Because a malicious application designed to utilize one of these exploits would have to be downloaded or copied to the target OS/2 system and then executed locally, normal malware protections remain the best first line of defense.

For virtualized installations, Arca Noae recommends applying to the host system whatever patches are made available and recommended by the developer of the host operating system.

Updates

2019-02-14: Security researchers apparently conclude in this whitepaper that Spectre cannot be entirely mitigated at the software level.

2019-10-07: Intel engineers have proposed (official/latest Intel PDF, here) a new memory type, speculative-access protected memory (SAPM), to mitigate a common factor in side-channel attacks which access cache/memory.

Links

Spectre CVEs:

Meltdown CVE:

Mozilla Security Blog

CERT: CPU hardware vulnerable to side-channel attacks

Intel: Facts about side-channel analysis and Intel products

AMD: An update on AMD processor security

Want to learn more about using ArcaOS? Come to Warpstock 2017 in Toronto!

Warpstock as an event has been around since 1997. Since its inception, the goal of Warpstock has been to educate and expose users to OS/2, its available software, and how to get the most out of the environment. In addition, Warpstock has always been a great venue for meeting developers and engineers involved with OS/2 and its derivative operating systems, including eComStation and ArcaOS.

This year’s Warpstock event is scheduled for September 8-10 in Toronto, Ontario, Canada. Several key members of the ArcaOS development team will be on hand to present, answer questions, and take suggestions to improve the operating system as we continue to move toward the 5.1 release, planned for later next year.

More information about Warpstock, its history, past speakers and presentations, and this year’s event may be found on Warpstock’s site: http://www.warpstock.org.

Come join us in Toronto!

ArcaOS 5.0: Blue Lion is coming

The final beta for ArcaOS 5.0 is due for release to beta testers within hours. We’ve spent considerable time nailing down the last of what we consider to have been critical issues (likely installation pitfalls) to ensure that our users are able to get the operating system installed and get on with using and enjoying the new version as soon as possible. While our intent was to provide more details along the way, our focus has remained on the software, and as we are all engineers here, in one form or another, we’ve all been engaged in developing and testing.

Meanwhile, some announcements:

Pricing for ArcaOS 5.0 will be in two tiers, set apart by the level and length of support and maintenance bundled with each. The personal license will retail for $129, with an introductory price of $99 for the first 90 days following release. This includes six months of support and maintenance updates and fixes. The commercial license is priced at $229, and includes one year of support and maintenance. Subscription services will be available for each version and it will be possible to bundle extended support and maintenance subscriptions at the time of ArcaOS license purchase.

Volume discounts will be available, as well, with different discount levels for personal and commercial licenses.

ArcaOS 5.0 to launch this week

ArcaOS 5.0 is slated for release this week. Please bear with us as we ensure that the ordering and delivery infrastructure is in place for this milestone release. Watch the blog each day, as we count down the final hours to release with bits of useful information.

Arca Noae Package Manager: Spanish language pack now available and French refreshed

Arca Noae Package Manager has been refreshed to include support for the Spanish language pack (thanks to Alfredo Fernández Díaz for the translation). Note that this pack does not yet include a translated help file.

The French language pack for Arca Noae Package Manager has been refreshed to address a typo which caused the Preferences menu item to revert to English.

Arca Noae Package Manager is available in English with Dutch, French, German, Italian, Spanish, and Swedish language packs (more languages to be added).

This open source utility is available to everyone, free of charge, regardless whether you have an Arca Noae software subscription.

Please review the wiki for important first-time installation notes and other tips.

Arca Noae’s support of open source projects: Ports and more by bww bitwise works GmbH

Following our last installment in this series which focused on Arca Noae’s commitment to Firefox development, we thought that pulling back the focus a little to give a broader perspective might be a good idea.

Development of various open source ports by our strategic partner, bww bitwise works, GmbH, enables building Firefox, Thunderbird, SeaMonkey, and many, many other modern and useful applications and components. While the Ports project is hosted at Netlabs, the bulk of the heavy lifting is done by bww bitwise works, with the resulting work product made available free of charge to everyone.

These packages are installable via YUM and RPM at the command line or via the free, easy-to-use, native OS/2 Arca Noae Package Manager (ANPM), straight from the OS/2 desktop.

Similarly, the Samba for OS/2 and OS/2-based systems project allows OS/2 to stay connected to the rest of the world – all for free, and this is just one more example of the great things this team is doing.

Sponsoring this critical work helps to ensure that new releases of Firefox, Thunderbird, SeaMonkey, and other cutting edge technologies are available on OS/2. If you utilize any of these technologies, and wish to see new ports, continuing maintenance for existing ports, or just want to say “thanks,” please visit our store and sponsor them.

Arca Noae needs your help

In order to make the installation of Blue Lion as smooth and intuitive as possible, we need to update and maintain an extensive database of hardware we are likely to encounter during installation and the drivers associated with the various devices installed in current machines.

Luckily, during the installation of eComStation, a file is created: MACHINE.CFG, stored in <boot drive>\ecs\install\rsp. This file contains all of the relevant data we need to update our current database.

We are asking for community assistance to gather as many MACHINE.CFG files as possible. If you have installed eComStation systems, please attach the MACHINE.CFG file from each one to an email (you may attach multiple files to a single email or send separate ones) addressed to hardware-info at arcanoae dot com. This file should not contain any personally identifiable information, but to be sure, please review before attaching.

Many thanks from the Blue Lion Dev Team for your assistance!