Category Archives: News

Updated Uniaud Driver Package Released

Arca Noae is pleased to announce the immediate availability of an updated Uniaud Audio Driver Package for ArcaOS, OS/2, and eComStation. (Uniaud-20180117)

This is a minor maintenance release that contains some fixes for Realtek mixer devices.

This release of Uniaud32 also implements MSI support. MSI only works with the ACPI PSD version 3.23.04 or higher. It is not required to use the ACPI PSD with Uniaud. If you don’t use ACPI then Uniaud will just use normal interrupts. If you are using the ACPI PSD, it must be version 3.23.04 or higher or your system may trap. If you are using an earlier version of ACPI, upgrade ACPI first before installing this version of Uniaud.

More information about the Uniaud Package may be found in the Uniaud wiki.

If you have ArcaOS, this driver package is available for download from the Arca Noae website as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

If you have an Arca Noae OS/2 & eCS Drivers and Software Subscription, this driver package is available for download from the Arca Noae website as part of your Arca Noae OS/2 & eCS Drivers and Software Subscription. Please log into your account in order to access your software.

If you are still running OS/2 and/or eComStation systems and haven’t yet purchased a software subscription, this is a great reason to do so now. It may also be a good time to consider moving up to ArcaOS.

Policy statement concerning Spectre and Meltdown exploits

Spectre and Meltdown are terms used to describe two potential exploits in a class of security attacks commonly termed “timing attacks” because they access data which may be sensitive in nature (passwords and other information) from areas of memory which may only be available at specific times (either moved elsewhere or removed entirely at other times). They belong to the more general class termed “side-channel attacks,” because they exploit the hardware itself, rather than breaking encryption or utilizing a software flaw. For more technical information regarding these exploits, please refer to the links section, below.

Arca Noae engineers are monitoring the situation, and while there is still much contradictory information crossing the internet at this time, we believe we have been able to assess at least some of the risk and provide some guidance to users of the OS/2 platform (OS/2 Warp, eComStation, and ArcaOS). As further reliable information becomes available, this post will be updated to reflect any change in Arca Noae’s position and any actions we may plan to take.

General information

In order to gain access to any information in privileged memory using one of these exploits, a user-level application must be launched on the specific machine to be compromised. This means that presently, an OS/2 executable must be used as the attack vector. As of this writing, we are not aware of any such code which executes on the OS/2 platform.

Browser-based attacks (running JavaScript) appear to require greater precision in a high-resolution timer than is currently available on OS/2, making such exploits more difficult than on other platforms, if not altogether impossible. It should also be noted that any such JavaScript-based attack would have to also be specifically designed to handle access to memory regions as managed by OS/2 (in other words, a malicious JavaScript program must be written for OS/2 and specifically to run in the OS/2 browser version in which it is running; a JavaScript program written for Windows or Linux will not work on OS/2). Realistically, the chance of this level of coding detail is extremely small.

Risks – virtual installations vs bare metal

By far, virtualized environments (running OS/2 as a guest under some other more vulnerable platform) are at the greatest risk, because the host system may rightly have access to the guest’s memory and virtualized processor. A host running a vulnerable operating system with an exploitable CPU which remains unpatched is the greatest concern. Arca Noae believes bare metal installations of OS/2-based operating systems are at much less risk.

Arca Noae’s current strategy

To date, we have not identified a need for a kernel patch to mitigate the risk of any hypothetical Spectre or Meltdown attack against OS/2-based systems. We continue to monitor the available information and will adjust our strategy as conditions require.

Arca Noae’s current recommendations

For virtualized and bare metal installations, Arca Noae recommends only running software obtained from trusted sources. Per stand practice, reasonable security precautions should be taken when accessing the internet, particularly when visiting unfamiliar or untrusted sites, and browser cache should be cleared regularly. The use of a NAT firewall is also encouraged (either a separate one, as built into a broadband router or at a minimum, a software firewall running on the local OS/2 system, such as InJoy Firewall).

Because a malicious application designed to utilize one of these exploits would have to be downloaded or copied to the target OS/2 system and then executed locally, normal malware protections remain the best first line of defense.

For virtualized installations, Arca Noae recommends applying to the host system whatever patches are made available and recommended by the developer of the host operating system.

Updates

2019-02-14: Security researchers apparently conclude in this whitepaper that Spectre cannot be entirely mitigated at the software level.

2019-10-07: Intel engineers have proposed (official/latest Intel PDF, here) a new memory type, speculative-access protected memory (SAPM), to mitigate a common factor in side-channel attacks which access cache/memory.

Links

Spectre CVEs:

Meltdown CVE:

Mozilla Security Blog

CERT: CPU hardware vulnerable to side-channel attacks

Intel: Facts about side-channel analysis and Intel products

AMD: An update on AMD processor security

Everything you need to know about subscription expiration

By popular demand, this is a summary of what happens when a subscription expires:

Any installed Arca Noae drivers and software continue to function normally (including ArcaOS).
Any drivers and software which have already been downloaded may be installed and will function normally (including ArcaOS).
All free Arca Noae RPM repositories continue to work.
Free downloads from the Arca Noae site will remain accessible.
An expired subscription cannot be renewed. You must buy a new subscription if yours expires.
An expired subscription will not have any downloads available.
Any subscription-only Arca Noae RPM repositories will not be accessible.
Bug tracker will not be available.

Arca Noae is committed to keeping ArcaOS and other OS/2 distributions usable on modern hardware. New device drivers are in active development and support is always available to subscribers.

Renew early to receive the best value for your investment.

AHCI Driver Package version 2.04 released

Arca Noae is pleased to announce the immediate availability of our AHCI Disk Driver Package version 2.04 for ArcaOS, OS/2, and eComStation.

This is a maintenance release that contains minor fixes and updates.

Fixed the IOCtl pass-thru interface. Tools such as smartctl use this.
Removed the old smartctl program from the distribution.

More information about the AHCI Disk Package may be found in the AHCI wiki.

What also happens when a subscription expires?

In our last post, we discussed what happens in a customer’s account (Arca Noae’s side) when a subscription is allowed to lapse or expire. What we didn’t discuss was what happens to the installed system, drivers, and software when a subscription expires:

The installed ArcaOS system, drivers, and any related software continue to function normally.
Content from the relevant Arca Noae free repository/ies will continue to be accessible (arcanoae-rel, and even for those with separate access, arcanoae-exp).
Free downloads from the Arca Noae site will remain accessible.
Subscribing again after a subscription has lapsed requires a new purchase.
NOTHING ALREADY INSTALLED WILL STOP FUNCTIONING AS A RESULT OF A SUBSCRIPTION EXPIRING. NOTHING. REALLY.

We still highly recommend maintaining subscriptions. The hardware landscape continues to change, and Arca Noae is committed to keeping ArcaOS and other OS/2 distributions viable on today’s and tomorrow’s hardware as long as possible. New device drivers are in active development to extend the useful life of any OS/2 system, and support is always available to subscribers, as well. Renew early to receive the best value for your investment.

What happens when a subscription expires?

Subscriptions must be renewed to remain in force. Allowing a subscription to lapse or expire will cause the following actions in the customer’s account:

The order details, accessed through the customer portal, will no longer have downloads available. Any updates or interim enhancements released in this manner will no longer be accessible.
Subscription-only content available from the relevant Arca Noae subscription repository/ies will no longer be accessible.
For ArcaOS, the ISO download will no longer be accessible.
Access to the Mantis bug tracker to open new issues, report on existing issues, or as a knowledgebase of reference material will no longer be available.
Subscribing again after a subscription has lapsed will not qualify for any renewal discounts.

We highly recommend maintaining archives of any downloaded content, as it may not be possible to access this again (even the last versions available when the subscription was in force).

Our first ever Black Friday Sale!

Arca Noae is launching our first ever Black Friday Sale!

If you’ve been waiting to get an ArcaOS license, either as a return to OS/2 after a long absence or because you’ve heard the buzz about the breakthrough Blue Lion distribution, or even if you’re a current ArcaOS licensee and want an additional license or two — or three — for some other systems, now is the time.

ArcaOS 5.0 personal edition licenses are on sale for just $109 from now through the end of 2017. Personal edition licenses include six months of support and updates, and after that, annual support renewals are available for a great price.

ArcaOS 5.0 commercial edition licenses are on sale for just $195 from now through the end of 2017, and include a full year of support and updates.

Get your ArcaOS licenses while they’re available at these great discounts!

Panorama Video Driver Package version 1.09 released

Arca Noae is pleased to announce the immediate availability of our Panorama Video Driver Package for OS/2 and eComStation version 1.09.

This is a maintenance release containing the following changes:

Fixes a problem validating the EDID information from older monitors.
Added a Custom Resolutions page to the screen setup object.

More information about the Panorama Package may be found in the Panorama wiki.

This driver package is available for download from the Arca Noae website as part of your Arca Noae OS/2 & eCS Drivers and Software Subscription. Please log into your account in order to access your software.

ArcaOS 5 included Support & Maintenance Subscription length

We have recently become aware of some possible confusion surrounding the amount of time (term) of included support for personal vs commercial edition licenses of ArcaOS 5. It therefor seemed appropriate to review our website content, and to our surprise, we find that we really have not done a good enough job of making this particular — though critical — issue very clear. Hopefully, this post will set the record straight.

In an earlier post, we discussed the process for renewing subscriptions, and mentioned that it was renewal season for early adopters of ArcaOS 5. That reference was to those who purchased personal edition licenses for ArcaOS 5 six (6) months ago.

ArcaOS 5.0 personal edition includes six (6) months of Support & Maintenance.

ArcaOS 5.0 commercial edition includes twelve (12) months (one full year) of Support & Maintenance.

Renewal reminders are normally sent one month prior to expiration, one week prior, and finally on the day of expiration.

Although the personal and commercial editions of ArcaOS 5 are code-equivalent (there is no difference in the operating system or kernel itself, e.g., both support up to 32 processor cores and an unlimited number of connections, with the same storage volume types and capacities and included device drivers and applications), there are other differences between the two, namely the level of support and the term (length of time) of the included subscription. The commercial edition includes prioritized support for twelve months (one year), whereas the personal edition includes standard support for six months.

Support renewals for both editions are for one year. For example, a personal edition license purchased June 1, 2017 will be due for a Support & Maintenance subscription renewal on or before November 30, 2017 and the renewal will extend the support a full year until November 30, 2018. A commercial edition license purchased the same day (June 1, 2017) will be due for a Support & Maintenance subscription renewal on or before May 31, 2018 and the renewal will extend the support for a full year until May 31, 2019.

If you miss the deadline for a timely renewal of your included Support & Maintenance subscription, you may still “renew” your subscription at the regular price. Missed the deadline because you didn’t receive your reminder emails for some reason? No problem. Just contact us or open a customer service ticket, and we will be glad to help make things right. That’s our commitment to you as an ArcaOS licensee.

Finally, for those of you with existing OS/2 & eCS Drivers & Software subscriptions, concerned about the differences between the two subscription “tracks,” we have a handy table which compares the two, available here.

We believe there are compelling reasons to move up to ArcaOS 5, and to keep in force a Support & Maintenance subscription, ensuring regular updates and the availability of technical assistance for the operating system as a whole. While there is no requirement to renew Support & Maintenance to continue using ArcaOS 5, doing so ensures uninterrupted access to updates, refreshed installation ISOs, and support.

Please review this post for the specifics on how to renew your existing subscription.

IBM LAN Update for ArcaOS Released

Arca Noae is pleased to announce the immediate availability of an update for the IBM LAN product in ArcaOS.

This update brings the IBM Requester and Peer files in ArcaOS up to the latest level. This update is only for ArcaOS versions 5.0 through 5.0.1. The updated IBM Requester and Peer files will already be in ArcaOS versions 5.0.2 and later, so those systems do not need this update. This update is not for non-ArcaOS systems. The installer will check your system to see if you need the update when you run it.

If you have ArcaOS, this update package is available for download from the Arca Noae website as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

If you are still running OS/2 and/or eComStation systems, this update is not licensed for use on those systems. This might be a great time to consider moving up to ArcaOS.