Tag Archives: blue lion

ArcaOS

It’s the 4th of July! Time for a Sale!

Arca Noae is launching our first ever 4th of July Sale!

If you’ve been waiting to get an ArcaOS license, either as a return to OS/2 after a long absence or because you’ve heard the buzz about the breakthrough Blue Lion distribution, or even if you’re a current ArcaOS licensee and want an additional license or two — or three — for some other systems, now is the time. These are the lowest prices of the year on this outstanding OS distribution!

ArcaOS 5.0 personal edition licenses are on sale for just $109 from now through Sunday, July 8. Personal edition licenses include six months of support and updates, and after that, annual support renewals are available for a great price, with their own built-in renewal discounts.

ArcaOS 5.0 commercial edition licenses are on sale for just $195 from now through Sunday, July 8, and include a full year of support and updates. As with personal licenses, annual support is available at a discounted price for timely renewals.

Get your ArcaOS licenses today!

 

ArcaOS 5.0.2 Bootable USB Stick Image 2018-02-12 Package Released

AOSBoot USB stickArca Noae is pleased to announce the immediate availability of our new ArcaOS Bootable USB Stick Image 2018-02-12 Package.

This package follows onto the included USB stick creation utility shipped with ArcaOS 5.0.2, allowing you to create a bootable USB ArcaOS 5.0.2 installation stick without a running OS/2 system. The package includes native binaries to restore the stick image from Windows, Mac, and Linux, as well as OS/2. Once the image is restored, eject, re-insert, and simply copy your personalized ISO (separately downloaded) to the stick per the included directions, which are also detailed in the ArcaOS support wiki. The stick may then be inserted into any USB 2.0-controlled port in the target system, which is then booted into the ArcaOS installer.

If you are still running OS/2 and/or eComStation systems and haven’t yet moved up to ArcaOS, this is a great time to do so. It’s never been easier to install any OS/2-based operating system.

ArcaOS

ArcaOS 5.0.2 now available

Arca Noae is pleased to announce the immediate availability of ArcaOS 5.0.2, the second maintenance release of ArcaOS 5.0 (Blue Lion).

ArcaOS 5.0.2 is the result of many hours of collaborative work to update and refine ArcaOS 5.0. Post-install fixes are included, and these will be made available for separate download as part of the ArcaOS 5.0 Support & Maintenance subscription shortly. In the meantime, a full download of the refreshed media image is required to obtain these fixes and updates.

ArcaOS 5.0.2 includes well over 60 updates and fixes since 5.0.1, and introduces for the first time ever available, the ability to boot an OS/2-based operating system from USB stick media and perform an installation. This new facility – AltBoot – should enable ArcaOS to be installed on many systems where traditional DVD-based booting has not been possible.

A bootable ArcaOS 5.0.2 USB stick may be created from any major operating system at hand (Windows, Linux, MacOS, and of course, OS/2, eComStation, and ArcaOS). The USB stick image package will be made available as a separate download.

If everything is working in your current installation, it may be prudent to wait for the subscription content to become available, as Arca Noae has not classified any of the 5.0.2 updates as critical.

If you have experienced difficulty installing ArcaOS 5.0.1, the fixes and updates included in 5.0.2 may address your issue(s).

For a complete list of updates in this release, see the ArcaOS wiki.

To download your fresh ISO, simply visit your customer portal page, select the Orders & Subscriptions link on the navigation panel to the left, then click on the order for your ArcaOS license. Once there, click the download link to request a fresh ISO, and wait for your notification email.

Policy statement concerning Spectre and Meltdown exploits

Spectre and Meltdown are terms used to describe two potential exploits in a class of security attacks commonly termed “timing attacks” because they access data which may be sensitive in nature (passwords and other information) from areas of memory which may only be available at specific times (either moved elsewhere or removed entirely at other times). They belong to the more general class termed “side-channel attacks,” because they exploit the hardware itself, rather than breaking encryption or utilizing a software flaw. For more technical information regarding these exploits, please refer to the links section, below.

Arca Noae engineers are monitoring the situation, and while there is still much contradictory information crossing the internet at this time, we believe we have been able to assess at least some of the risk and provide some guidance to users of the OS/2 platform (OS/2 Warp, eComStation, and ArcaOS). As further reliable information becomes available, this post will be updated to reflect any change in Arca Noae’s position and any actions we may plan to take.

General information

In order to gain access to any information in privileged memory using one of these exploits, a user-level application must be launched on the specific machine to be compromised. This means that presently, an OS/2 executable must be used as the attack vector. As of this writing, we are not aware of any such code which executes on the OS/2 platform.

Browser-based attacks (running JavaScript) appear to require greater precision in a high-resolution timer than is currently available on OS/2, making such exploits more difficult than on other platforms, if not altogether impossible. It should also be noted that any such JavaScript-based attack would have to also be specifically designed to handle access to memory regions as managed by OS/2 (in other words, a malicious JavaScript program must be written for OS/2 and specifically to run in the OS/2 browser version in which it is running; a JavaScript program written for Windows or Linux will not work on OS/2). Realistically, the chance of this level of coding detail is extremely small.

Risks – virtual installations vs bare metal

By far, virtualized environments (running OS/2 as a guest under some other more vulnerable platform) are at the greatest risk, because the host system may rightly have access to the guest’s memory and virtualized processor. A host running a vulnerable operating system with an exploitable CPU which remains unpatched is the greatest concern. Arca Noae believes bare metal installations of OS/2-based operating systems are at much less risk.

Arca Noae’s current strategy

To date, we have not identified a need for a kernel patch to mitigate the risk of any hypothetical Spectre or Meltdown attack against OS/2-based systems. We continue to monitor the available information and will adjust our strategy as conditions require.

Arca Noae’s current recommendations

For virtualized and bare metal installations, Arca Noae recommends only running software obtained from trusted sources. Per stand practice, reasonable security precautions should be taken when accessing the internet, particularly when visiting unfamiliar or untrusted sites, and browser cache should be cleared regularly. The use of a NAT firewall is also encouraged (either a separate one, as built into a broadband router or at a minimum, a software firewall running on the local OS/2 system, such as InJoy Firewall).

Because a malicious application designed to utilize one of these exploits would have to be downloaded or copied to the target OS/2 system and then executed locally, normal malware protections remain the best first line of defense.

For virtualized installations, Arca Noae recommends applying to the host system whatever patches are made available and recommended by the developer of the host operating system.

Updates

2019-02-14: Security researchers apparently conclude in this whitepaper that Spectre cannot be entirely mitigated at the software level.

2019-10-07: Intel engineers have proposed (official/latest Intel PDF, here) a new memory type, speculative-access protected memory (SAPM), to mitigate a common factor in side-channel attacks which access cache/memory.

Links

Official information

Spectre CVEs:

CVE-2017-5753

CVE-2017-5715

Meltdown CVE:

CVE-2017-5754

Mozilla Security Blog

CERT: CPU hardware vulnerable to side-channel attacks

Intel: Facts about side-channel analysis and Intel products

AMD: An update on AMD processor security

ArcaOS

Our first ever Black Friday Sale!

Arca Noae is launching our first ever Black Friday Sale!

If you’ve been waiting to get an ArcaOS license, either as a return to OS/2 after a long absence or because you’ve heard the buzz about the breakthrough Blue Lion distribution, or even if you’re a current ArcaOS licensee and want an additional license or two — or three — for some other systems, now is the time.

ArcaOS 5.0 personal edition licenses are on sale for just $109 from now through the end of 2017. Personal edition licenses include six months of support and updates, and after that, annual support renewals are available for a great price.

ArcaOS 5.0 commercial edition licenses are on sale for just $195 from now through the end of 2017, and include a full year of support and updates.

Get your ArcaOS licenses while they’re available at these great discounts!