Steven J. Vaughan-Nichols, writing for ZDNet: Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME." [...] At a presentation at Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer reported that systems using Intel chips that have AMT, are running MINIX. So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings. And, for even more fun, it "can implement self-modifying code that can persist across power cycles." So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in. How? MINIX can do all this because it runs at a fundamentally lower level. [...] According to Minnich, "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared." Also read: Andrew S. Tanenbaum's (a professor of Computer Science at Vrije Universiteit) open letter to Intel.
#NetNeutrality is STILL in danger - Click here to help. DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Check out the new SourceForge HTML5 Internet speed test. ×
LichtSpektren writes: Andrew Tanenbaum, author of MINIX, writes: 'MINIX has been around now for about 30 years so it is (finally) time for the MINIXers to have a conference to get together, just as Linuxers and BSDers have been doing for a long time. The idea is to exchange ideas and experiences among MINIX 3 developers and users as well as discussing possible paths forward now that the ERC funding is over. Future developments will now be done like in any other volunteer-based open-source project. Increasing community involvement is a key issue here. Attend or give a presentation.' The con will be held on 1 February 2016 at the Vrije Universiteit in Amsterdam, the Netherlands.
blueshift_1 writes: If you have 50TB of data that you'd like to put on the S3 cloud, Amazon is releasing Snowball. It's basically a large grey box full of hard drives that Amazon will mail to you. Simply upload your files and mail it back — they will upload it for you. For $200 + shipping, it's at a pretty reasonable price point if you're tired of hosting your data and want to try and push that to AWS. ("Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." -Tanenbaum, Andrew S.)
When Linus Torvalds first announced his new operating system project ("just a hobby, won't be big and professional like gnu"), he aimed the announcement at users of Minix for a good reason: Minix (you can download the latest from the Minix home page) was the kind of OS that tinkerers could afford to look at, and it was intended as an educational tool. Minix's creator, Professor Andrew Stuart "Andy" Tanenbaum, described his academic-oriented microkernel OS as a hobby, too, in the now-famous online discussion with Linus and others. New submitter Thijssss (655388) writes with word that Tanenbaum, whose educational endeavors led indirectly to the birth of Linux, is finally retiring. "He has been at the Vrije Universiteit for 43 years, but everything must eventually end."
An anonymous reader points out an interesting, detailed interview with Andrew Tanenbaum at Linuxfr.org; Tanenbaum holds forth on the current state of MINIX, licensing decisions, and the real reason he believes that Linux caught on just when he "thought BSD was going to take over the world." ("I think Linux succeeded against BSD, which was a stable mature system at the time simply because BSDI got stuck in a lawsuit and was effectively stopped for several years.")
An anonymous reader points out a recent article at Gamesradar discussing the frequency of major bugs and technical issues in freshly-released video games. While such issues are often fixed with updates, questions remain about the legality and ethics of rushing a game to launch. Quoting: "As angry as you may be about getting a buggy title, would you want the law to get involved? Meglena Kuneva, EU Consumer Affairs Commissioner, is putting forward legislation that would legally oblige digital game distributors to give refunds for games, putting games in the same category in consumer law as household appliances. ... This call to arms has been praised by tech expert Andy Tanenbaum, author of books like Operating Systems: Design and Implementation. 'I think the idea that commercial software be judged by the same standards as other commercial products is not so crazy,' he says. 'Cars, TVs, and telephones are all expected to work, and they are full of software. Why not standalone software? I think such legislation would put software makers under pressure to first make sure their software works, then worry about more bells and whistles.'"
narramissic writes "A Dutch university has received a $3.3 million grant from the European Research Council to fund 5 more years of work on a Unix-type operating system, called Minix, that aims to be more reliable and secure than either Linux or Windows. The latest grant will enable the three researchers and two programmers on the project to further their research into a making Minix capable of fixing itself when a bug is detected, said Andrew S. Tanenbaum, a computer science professor at Vrije Universiteit. 'It irritates me to no end when software doesn't work,' Tanenbaum said. 'Having to reboot your computer is just a pain. The question is, can you make a system that actually works very well?'"
chris_eineke writes "I like to read and to collect good books related to computer science. I'm talking about stuff like the classic textbooks (Introduction to Algorithms 2nd ed., Tanenbaum's Operating Systems series) and practitioners' books (The Practice of Programming, Code Complete) and all-around excellent books (Structure and Interpretation of Computer Programs, Practical Common Lisp). What's your stocking-stuffer book this Christmas? What books have been sitting on your shelves that you think are the best ones of their kind? Which ones do you think are -1 Overrated? (All links are referral-free.)"
ficken writes "The great conversation about micro vs. monolithic kernel is still alive and well. Andy Tanenbaum weighs in with another article about the virtues of microkernels. From the article: 'Over the years there have been endless postings on forums such as Slashdot about how microkernels are slow, how microkernels are hard to program, how they aren't in use commercially, and a lot of other nonsense. Virtually all of these postings have come from people who don't have a clue what a microkernel is or what one can do. I think it would raise the level of discussion if people making such postings would first try a microkernel-based operating system and then make postings like "I tried an OS based on a microkernel and I observed X, Y, and Z first hand." Has a lot more credibility.'"
MrShaggy writes "According to a BBC article, researchers have been able to make the jump between RFID tags and viruses. They found that the mere act of scanning a mere 127 bytes could cause an attack vector that would corrupt databases. From the article;'"This is intended as a wake-up call," said Andrew Tanenbaum, one of the researchers in the computer science department at Amsterdam's Free University that did the work revealing the weaknesses on smart tags. "We ask the RFID industry to design systems that are secure," he said.'"
twasserman writes "Andy Tanenbaum's recent article in the May 2006 issue of IEEE Computer restarted the longstanding Slashdot discussion about microkernels. He has posted a message on his website that responds to the various comments, describes numerous microkernel operating systems, including Minix3, and addresses his goal of building highly reliable, self-healing operating systems."
bariswheel writes "In a paper co-authored by the Microkernel Maestro Andrew Tanenbaum, the fragility of modern kernels are addressed: "Current operating systems have two characteristics that make them unreliable and insecure: They are huge and they have very poor fault isolation. The Linux kernel has more than 2.5 million lines of code; the Windows XP kernel is more than twice as large." Consider this analogy: "Modern ships have multiple compartments within the hull; if one compartment springs a leak, only that one is flooded, not the entire hull. Current operating systems are like ships before compartmentalization was invented: Every leak can sink the ship." Clearly one argument here is security and reliability has surpassed performance in terms of priorities. Let's see if our good friend Linus chimes in here; hopefully we'll have ourselves another friendly conversation."
Guillaume Pierre writes "Andy Tanenbaum announced the availability of the next version of the Minix operating system. "MINIX 3 is a new open-source operating system designed to be highly reliable and secure. This new OS is extremely small, with the part that runs in kernel mode under 4000 lines of executable code. The parts that run in user mode are divided into small modules, well insulated from one another. For example, each device driver runs as a separate user-mode process so a bug in a driver (by far the biggest source of bugs in any operating system), cannot bring down the entire OS. In fact, most of the time when a driver crashes it is automatically replaced without requiring any user intervention, without requiring rebooting, and without affecting running programs. These features, the tiny amount of kernel code, and other aspects greatly enhance system reliability."In case anyone wonders: yes, he still thinks that micro-kernels are more reliable than monolithic kernels ;-) Disclaimer: I am the chief architect of Globule, the experimental content-distribution network used to host www.minix3.org."
An anonymous reader writes "Electoral-vote.com (and mirrors electoral-vote2.com through electoral-vote8.com) seem to be very slow at the moment. Votemaster ( A. Tanenbaum) just posted 'All the servers appear to be under attack now, also DNS. I added another large multiprocessor but it doesn't seem to help much. I don't this is going to work. Sorry.' Massive attack or just a large flash crowd? Anybody up for some mirroring so votemaster can concentrate on the polls?" Reader fishwack writes with word that as of 3:46GMT (10:46 PM Eastern time in the U.S.) "the Federal Electoral Commission's Web site is down."
dealsites asks: "Recently, The Electorial Vote website run by Andrew Tanenbaum was hit with a triple-threat. Not only was it Slashdotted, it was hit with a DDOS attack in conjunction with the busiest normal traffic day, due to the election. Netcraft has an article detailing the steps taken to mitigate the traffic. Andrew's host provider is also the provider of my site. I'm sure were are on separate servers, him a dedicated server and semi-dedicated hardware for myself, but I noticed dramatic slowdowns of my site during this triple-threat traffic onslaught to Andrew's site. Are there any techniques other than throwing more CPUs and bandwidth at the problem to remedy this type of situation? I'm sure I can't be the only one that has noticed this. Any comments on other similar stories?"
Stephan Schulz writes "Andrew Tanenbaum has rebutted Ken Brown's reply to his original comments on the (in)famous AdTI report on Linux's origin. It's quite entertaining, and leaves little doubt (well, even less than before) that Brown is conciously twisting the truth. Choice excerpt: 'I'm pretty animated all the time. But I only get tense when people try to put words in my mouth. After half an hour of repeatedly answering the question "Could Linus have written the Linux kernel by himself?" in the affirmative, I was getting a bit irritated. ... People who know me would probably confirm that I do not suffer fools gladly.' I'd add that being called 'the good Professor' repeatedly would have me exploding in no time..."
An anonymous reader writes "Yes, I know it's getting boring by now, but the truth must be told... the latest Unix celebrity to come forward and criticise Ken Brown/ADTI is Unix pioneer Dennis Ritchie. The gist is that Brown is claiming an 'extensive interview' with Ritchie but this was actually limited to a single email exchange and a follow-up call from one of Brown's lackeys checking one or two facts." Reader markrages writes "Ken Brown (of the Alexis de Tocqueville Institution) replies to his critics. Dr. Tanenbaum is an 'animated, but tense individual about the topic of rights and attribution'. The GNU/Linux naming issue also makes an appearance."
akahige writes "Fresh from the debunking of the 'Linus couldn't possibly have written an OS without ripping someone off' book published by the Alexis de Tocqueville Institution, Tanenbaum has published an email he got from the consultant hired to do the code comparison between MINIX and Linux. Among other juicy comments, 'pay no attention to this man.' (There was no stolen code, either.) In related matters, ESR was apparently sent a pre-release excerpt of the book which he completely eviscerates with his usual zeal. Another story on NewsForge." See our previous stories if you're coming to this late.
Andy Tanenbaum writes "Ken Brown has just released a book on open source code. In it, he claims (1) to have interviewed me, and (2) that Linus Torvalds didn't write Linux. I think Brown is batting .500, which is not bad for an amateur (for people other than Americans, Japanese, and Cubans, this is an obscure reference to baseball). Since I am one of the principals in this matter, I thought it might be useful for me to put my 2 eurocents' worth into the hopper. If you were weren't hacking much code in the 1980s, you might learn something." Tanenbaum's description of the interview process with Brown is classic. See also Slashdot's original story and Linus' reply.