Category Archives: ArcaOS

I want ArcaOS 5.1!

TO CLARIFY: ArcaOS 5.1 HAS NOT YET BEEN RELEASED. Please read this post all the way to the end to get all information.

ArcaOS 5.1 is complete and waiting for release. The holdup is really related to our distribution system, which is based on the WooCommerce platform.

Until we can produce multiple versions of ArcaOS ISOs, in multiple languages, WE MUST HOLD UP THE ArcaOS 5.1 RELEASE.

While WooCommerce is a capable ecommerce solution, Arca Noae’s requirements to be able to allow ordering of a personalized ISO have now become considerably more complicated than they were for the 5.0 release in 2017. Instead of only spinning the same ISO with personalization data for each customer, we now must continue to have 5.0 ISOs available, and offer 5.1 ISOs in several languages. In addition, instead of maintaining one subscription channel for ArcaOS, we now must maintain two separate channels, one for 5.0 and one for 5.1. Upgraders will also need to change subscription channels when they upgrade ArcaOS. This work has proven more complicated than we had anticipated.

In the meantime, we have taken steps to upgrade our infrastructure to expand our capacity to build and warehouse more ISOs, and we are now at a point where the missing pieces of the puzzle are just the software enhancements for the website to bring everything together.

We have always avoided stating narrow windows for anticipated delivery dates, and take great efforts to avoid the appearance of vaporware. ArcaOS 5.1 is real, and it is coming…soon.

In the interim (and after the release of ArcaOS 5.1), ArcaOS 5.0 will continue to receive critical updates and support, and from time to time, we may even release new bugfix ISOs for ArcaOS 5.0 (generally when an update impacts the installation experience).

It is also important to note that not all languages for ArcaOS 5.1 will be made available when English is released, nor will all non-English languages be released at the same time. Translations of German, Spanish, French, Italian, Russian, and others are in varying states of completion. As we deem a certain language ready for release, we will make it available.

We appreciate everyone’s continued patience. We want to bring you ArcaOS 5.1 as much as you want it!

Welcome to the new ArcaOS Download Center!

Along the way to the much anticipated ArcaOS 5.1 release, we have been working behind the scenes to upgrade our build and delivery systems. To this end, you should notice a welcome addition to your customer portal: the ArcaOS Download Center.

In the left navigation area, you should see this new link. Clicking it will bring you to a consolidated listing of your ArcaOS licenses and associated downloads. No more scanning through all of your orders to find the right one.

We hope you enjoy this new feature.

Beware of used ArcaOS licenses offered for sale

Happy New Year!

Recently, we’ve become aware of several ArcaOS licenses being offered for sale on various platforms. This post is a reminder to check the validity of any used license before paying for it.

All ArcaOS licenses are generated by Arca Noae. If you order through one of our authorized resellers, that reseller places an order for your software with us, and we provide the custom ISO for you, registered to an account in your name.

While it is entirely permissible to transfer a license (see paragraph 9 of the ArcaOS End User License Agreement ), such a transfer must include a hard copy of the license and proof of entitlement. Proof of entitlement means some documentation to prove that the company or individual transferring the license does indeed have the right to do so (it must indeed be registered to that company or individual).

Upon transfer, the transferor must notify Arca Noae of the transfer and provide contact information for the transferee. Without this, it will not be possible to renew support for that ArcaOS license – including a late renewal.

It is worth noting also that only the ArcaOS license is transferable. Support is not. Thus, when an unsuspecting user purchases an existing ArcaOS license and he or she wants to access related downloads for updates or even request an updated ISO, a new ArcaOS Support & Maintenance subscription will be required. The cost of the used license plus new support may be far more than a new license with included support and the ability to renew that support at a discount.

If you are considering the purchase of a used ArcaOS license, be sure to ask for a copy of the registrant’s name, email address, and serial number, and contact us first so that we may be able to determine whether the license is, in fact, legitimate. If it’s not, it will not be valid for purchasing a Support & Maintenance subscription, so technical support, updates, discounted upgrades, and bug fixes will never be available.

Arca Noae PNG Icon Set version 2022-12-14 released

Dynamic Icons Arca Noae is pleased to announce a minor update to our PNG Icon Set included with ArcaOS, which is now available as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

Version 2022-12-14 includes a full set of Apache OpenOffice 4 icons, as well as the OS/2-specific QuickStart icon.

Icons in this set are released under LGPLv3, and include original and derived images from several sources.

If you are still running OS/2 and/or eComStation systems and haven’t yet moved up to ArcaOS, this is a great reason to do so now. If you’ve already made the switch, but haven’t renewed renewed your support subscription, this is also a good time. Not sure what’s coming next? Have a look at our product roadmap pages.

Dynamic Icons version 2.5.2.2 for ArcaOS released

Dynamic Icons, the latest spin on Sunny Icons from eCo Software, specifically enhanced and built for ArcaOS, has been updated to version 2.5.2.2, and is now available as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

Version 2.5.2.2 allows for dynamic text sizing in its dialogs and fixes folder details view settings.

Resolving issues with GMail and OAuth 2.0 requirements

At the end of May, 2022, GMail discontinued use of standard authentication methods for POP3, IMAP, and SMTP connections. The available OAuth2 authentication mechanism in the latest SeaMonkey and Thunderbird for the OS/2 platform is unable to properly complete the authentication procedure with GMail, and will leave the application in a hung state.

There are several methods to work around this, but perhaps the easiest is simply to generate what Google calls an app password, which is, quite simply, a 16-digit passcode which gives a non-Google application or device permission to access your Google Account.

To generate the app password, follow the directions available here. Remember, that in order to do this, you must have 2-Step-Verification enabled for your account.

Once you have generated the app password, copy it to your clipboard. Open SeaMonkey Mail or Thunderbird, and access the server settings for your GMail account. Ensure that the authentication method is set for Normal password (Google will not accept encrypted passwords for this). Make the same change for the GMail SMTP server. Note that in both cases, SSL/TLS should be selected for the connection security, and specifically not STARTTLS. Close the settings dialog and attempt to access the account. You should be prompted for a new password. Paste the app password into the prompt.

To configure a second system to access the same account, simply paste (or type) the same app password. This technique should work for other mail clients, as well.

For questions, there is an informative discussion in the OS/2 World forum on this very topic.

GPT usability in ArcaOS 5.1.0

In our last post we discussed that the upcoming ArcaOS 5.1.0 release will be able to make use of laptops and desktops that only support booting in so-called UEFI mode.

When booting ArcaOS in UEFI mode, the disk partitioning scheme may use the traditional Master Boot Record (MBR) or the newer GUID Partition Table (GPT). Although MBR has been extended to support disks up to 2TB, with ever-growing disk sizes, this may be too limiting for devices which could otherwise support handling more data than this. Also, if installing to a disk which is already configured using GPT, releases of ArcaOS prior to 5.1.0 require a full wipe and repartition of the disk. This inconvenience should no longer be an issue in ArcaOS 5.1.

Thus, ArcaOS 5.1.0 will be able to utilize GPT disk layouts with the following benefits:

Support for hard disks and solid state drives larger than 2TB attached to AHCI or NVMe storage controllers.
On systems equipped with a single drive and Windows pre-installed using a GPT layout, there should be no need to wipe and repartition, as long as there is room for ArcaOS to create at least one partition for itself.
GPT eliminates many of the LVM issues you may have encountered in the past when preparing a disk to install ArcaOS next to other operating systems, such as Linux and Windows because ArcaOS will use the same LBA partition alignment method (for GPT disk layouts) as these other operating systems.

GPT usage has been integrated into the ArcaOS installation partitioning tool (Logical Volume Manager), giving you a seamless experience while installing and maintaining ArcaOS.

Of course, ArcaOS 5.1.0. will continue to support your existing hard disks that have been partitioned using an MBR disk layout, too. In fact, a mix of GPT and MBR disks is also possible, and you will also be able to install ArcaOS in a UEFI environment on an MBR disk (GPT is completely optional, and never a requirement).

It is also important to remember that while ArcaOS 5.1.0 will support hard disks and SSDs larger than 2TB, OS/2 filesystems are currently limited to 2TB per partition. Thus, in order to fully utilize, say, a 12TB device for ArcaOS, you would need to partition this into multiple volumes, each no more than 2TB in size. (Also, for volumes in excess of 64GB, you must select JFS as the filesystem.)

ArcaOS Desktop updated to 1.0.15

Dynamic Icons

Arca Noae is pleased to announce the immediate availability of ArcaOS Desktop (ANXWP) 1.0.15 in English, German, Dutch, Spanish, Italian, Japanese, and Russian. This is a maintenance release containing bug-fixes and updates that have accumulated since the last release. The primary improvements include:

Desktop Properties notebooks

XFolder: Prevent doubled entries in the Background page’s File dropdown.
WPPgm/WPPgmFile: Prevent <Esc> from dismissing the Language tab dialog.

XCenter Widgets

Pulse: Fix spurious 100% CPU usage after a WPS restart.
Window List: Refactor/simplify button positioning and drawing.

Menus

Trash Can: Ensure the Open As default is correct.
XView: Display correct whitespace menus for root folders.

Startup and Shutdown

XStartup: Restart automatically after fixing the order of class-replacements.
XShutdown: Added an optional “XWP_ACPIDELAY=xxx” environment variable to change the default shutdown delay of 250ms.

Localization

Add translated strings in Font Folder and in a folder’s Details dialog.

See the Version Information topic of the ArcaOS Desktop Users Guide and Reference located in the Help Center for more details about this release.

Arca Noae would like to thank Rich Walsh for his work on maintaining and improving XWorkplace and ArcaOS Desktop.

If you have ArcaOS, this software is available for download from the Arca Noae website as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

If you are still running OS/2 and/or eComStation this is a great reason to consider moving up to ArcaOS. This update includes reserved features licensed for use exclusively with ArcaOS.

UEFI support in ArcaOS 5.1 – update for February, 2022

Development and testing of Arca Noae’s support for UEFI continues. Here’s a brief recap of how this will work in ArcaOS 5.1:

When the installation media boots, if the system is determined to be in “UEFI mode” as opposed to “Legacy mode” (“Legacy” here refers to the configuration which presents a traditional PC BIOS), ArcaOS will begin the preboot process using its compatibility system. Essentially, this is a 64-bit environment which will provide a rather complete BIOS emulation for the ArcaOS kernel, including VGA services for video display.

If the user selects to use his own settings for installation (the preboot menu), the screens will look and act just like a traditional installer boot, but will, in fact, be provided by this new compatibility system.

Once control is handed off to the ArcaOS kernel, the OS itself is exactly the same as a traditional ArcaOS boot. That is to say, the kernel is identical. The goal of the Arca Noae Compatibility System (ANCS) is to provide a standard environment for ArcaOS, without the need to actually maintain different versions of ArcaOS files for each environment. Another benefit of ANCS is that because the video BIOS emulation is generally more complete than that provided by the CSM in many systems built in the past decade, DOS and Win-OS/2 sessions tend to run much better.

ArcaOS 5.1 should support booting in UEFI mode on a range of systems which provide a recent UEFI implementation, from either GPT or MBR partitioned disks. In the next post in this series, we’ll discuss GPT and MBR and how the boot process differs between the two partition layouts.

Apache Log4j vulnerability (CVE-2021-44228)

On Thursday, December 9, 2021, the Apache Log4j project disclosed a critical security vulnerability which may result in remote code execution on systems running Log4j. The exploit has been aptly named Log4Shell (CVE-2021-44228).

Log4j is a logging component which runs under Java on many different platforms, and is useful not only for Java applications, but for other programs, as well. It is commonly bundled with unrelated software, simply as a means of providing a standard logging engine.

Arca Noae has completed a scan of our internal systems and has determined that we are not affected by this vulnerability. Further, ArcaOS has never included any Log4j components, and is also unaffected. However, because the exploitable feature in Log4j has existed for some time, it is possible that Java and other applications may have been installed under ArcaOS which utilize Log4j, and these systems may be at risk.

The feature used for the Log4Shell exploit is in the JNDI (Java Naming and Directory Interface) lookup class which was added to Log4j several years ago during the 2.0 beta cycle. Log4j versions through 2.3 required only Java versions up to 1.6, and so may be utilized by some OS/2-compatible applications.

Risk assessment

To determine whether any of your OS/2 systems may be at risk, start by searching all accessible volumes for log4j-*.jar. If any are found, determine the version of Log4j by examining the content of META-INF/MANIFEST.MF in the core jar file:

[c:\] unzip -c log4j-core.jar META-INF/MANIFEST.MF | less

Note the Implementation-Version line content.

Edge servers as well as firewalled systems running various applications may be at risk, as queries may be submitted to the Log4j engine from other applications and potentially from outside the network.

Mitigation

Although the exploit has been addressed in Log4j 2.16.0, because versions above 2.3 are not currently compatible with OS/2’s available Java Runtime Engine, it is necessary to mitigate the condition by removing the JndiLookup class from the classpath, e.g.:

[c:\] zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

Additional information

Older (pre-2.0-beta9) versions of Log4j lack this lookup class, and do not appear to be at risk for Log4Shell (though some earlier security advisories may have been issued). Further research may be needed based upon the version(s) of Log4j which may be in use on these earlier systems. Also, this is not the only security advisory for Log4j 2.0-beta9 – 2.3. This notification is only related to CVE-2021-44228.

Links

https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://nakedsecurity.sophos.com/2021/12/10/log4shell-java-vulnerability-how-to-safeguard-your-servers/
https://www.kb.cert.org/vuls/id/930724