Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."
1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."
What is the best working environment for a developer, offering flexibility, performance and some level of free choice, without compromising security, compliance, licensing (etc.) requirements? I would like you to share your experiences on BYOD, desktop virtualization, etc. and the level of satisfaction of the developers.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
- $100,000 for escaping a virtualization hypervisor
- $80,000 for a Microsoft Edge or Google Chrome exploit
- $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
- $50,000 for an Apple Safari exploit
- $30,000 for a Firefox exploit
- $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
- $200,000 for an Apache Web Server exploit
"Instead of having parts of a program thrown at /usr/bin, other parts at /etc and yet more parts thrown at /usr/share/something/or/another, each program gets its own directory tree, keeping them all neatly separated and allowing you to see everything that's installed in the system and which files belong to which programs in a simple and obvious way."
[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.
386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: "If 386BSD had been available when I started on Linux, Linux would probably never had happened."
Though it was designed for Intel 80386 microprocessors, there's already instructions for launching it on the hosted hardware virtualization service Qemu.
"A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"