DOCSLIB.ORG

U-Root: a Go-Based, Firmware Embeddable Root File System with On-Demand Compilation Ronald G

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
U-Root: a Go-Based, Firmware Embeddable Root File System with On-Demand Compilation Ronald G U-root: A Go-based, Firmware Embeddable Root File System with On-demand Compilation Ronald G. Minnich, Google; Andrey Mirtchovski, Cisco https://www.usenix.org/conference/atc15/technical-session/presentation/minnich This paper is included in the Proceedings of the 2015 USENIX Annual Technical Conference (USENIC ATC ’15). July 8–10, 2015 • Santa Clara, CA, USA ISBN 978-1-931971-225 Open access to the Proceedings of the 2015 USENIX Annual Technical Conference (USENIX ATC ’15) is sponsored by USENIX. U-root: A Go-based, firmware embeddable root file system with on-demand compilation Ronald G. Minnich Andrey Mirtchovski Google Cisco Abstract booted long enough to boot another kernel; in others, the kernel that is booted and the file system it contains con- U-root is an embeddable root file system intended to be stitute the operational environment of the device[15]. placed in a FLASH device as part of the firmware im- These so-called “embedded root file systems” also age, along with a Linux kernel. The program source contain a set of standard Unix-style programs used for code is installed in the root file system contained in the both normal operation and maintenance. Space on the firmware FLASH part and compiled on demand. All the device is at a premium, so these programs are usually u-root utilities, roughly corresponding to standard Unix written in C using, e.g., the BusyBox toolkit[26]; or in an utilities, are written in Go, a modern, type-safe language interpretive languages, such as Perl[24] or Forth. Busy- with garbage collection and language-level support for Box in particular has found wide usage in embedded ap- concurrency and inter-process communication. pliance environments, as the entire root file system can Unlike most embedded root file systems, which con- be contained in under one MiB. sist largely of binaries, U-root has only five: an init pro- Embedded systems, which were once standalone, gram and 4 Go compiler binaries. When a program is are now almost always network connected. Network- first run, it and any not-yet-built packages it uses are connected systems face a far more challenging security compiled to a RAM-based file system. The first invo- environment than even a few years ago. In response to cation of a program takes a fraction of a second, as it is the many successful attacks against shell interpreters[11] compiled. Packages are only compiled once, so the slow- and C programs[8], we have started to look at using a est build is always the first one, on boot, which takes more secure, modern language in embedded root file sys- about 3 seconds. Subsequent invocations are very fast, tems, namely, Go[21][16]. usually a millisecond or so. Go is a new systems programming language created U-root blurs the line between script-based distros by Google. Go has strong typing; language level support such as Perl Linux[24] and binary-based distros such as for concurrency; inter-process communication via chan- BusyBox[26]; it has the flexibility of Perl Linux and the nels, a la Occam[13], Limbo[17], and Alef[27]; runtime performance of BusyBox. Scripts and builtins are writ- type safety and other protective measures; dynamic al- ten in Go, not a shell scripting language. U-root is a new location and garbage collection; closures; and a package way to package and distribute file systems for embedded syntax, similar to Java, that makes it easy to determine systems, and the use of Go promises a dramatic improve- what packages a given program needs. ment in their security. The modern language constructs make Go a much safer language than C. This safety is critical for network- Introduction attached embedded systems, which usually have network utilities written in C, including web servers, network Embedding kernels and root file systems in BIOS servers including sshd, and programs that provide ac- FLASH is a common technique for gaining boot time cess to a command interpreter, itself written in C. All are performance and platform customization[25][14][23]. proving to be vulnerable to the attack-rich environment Almost all new firmware includes a multiprocess oper- that the Internet has become. Buffer overflow attacks ating system with a full complement of file systems, net- affecting C-based firmware code (among other things) work drivers, and protocol stacks, contained in an em- in 2015 include GHOST and the so-called FSVariable.c bedded file system. In some cases, the kernel is only bug in Intel’s UEFI firmware. Buffer overflows in Intel’s USENIX Association 2015 USENIX Annual Technical Conference 577 UEFI and Active Management Technology (AMT)have if the build succeeds, the command is executed. This also been discovered in several versions in recent years. first invocation takes a fraction of a second, depending Both UEFI[12] and AMT[4] are embedded operating on program complexity; after that, the RAM-based, stat- systems, loaded from FLASH, that run network-facing ically linked binaries run in about a millisecond. software; attacks against UEFI have been extensively U-root blurs the boundary between script-based root studied[9]. Most printers are network-attached and are file systems such as Perl Linux[24] and binary-based root a very popular exploitation target[6]. file systems such as BusyBox[26]; it has the flexibility of Firmware is not visible to most users and is up- Perl Linux and the performance of BusyBox. Scripts are dated much less frequently (if at all) than programs. written in Go, not a shell scripting language, with two It is the first software to run, at power on reset. Ex- benefits: the shell can be simple, with fewer corner cases; ploits in firmware are extremely difficult to detect, be- and the scripting environment is substantially improved, cause firmware is designed to be as invisible as possible. since Go is more powerful than most shell scripting lan- Firmware is extremely complex; UEFI is roughly equiv- guages, but also less fragile and less prone to parsing alent in size and capability to a Unix kernel. Firmware bugs. is usually closed and proprietary, with nowhere near the level of testing of kernels. These properties make firmware an ideal place for so-called advanced persistent The U-root design threats[10][18][5]. Once an exploit is installed, it is al- The u-root boot image is a build toolchain and a set of most impossible to remove, since the exploit can inhibit programs in source form. When first used, a program its removal by corrupting the firmware update process. and any needed but not-yet-built packages are built and The only sure way to mitigate a firmware exploit is to installed, typically in a fraction of a second. On second destroy the hardware. and later uses, the binary is executed. The root file sys- Even the most skilled programmers make simple mis- tem is almost entirely unformed on boot; /init sets up the takes that in C can be fatal, especially on network- key directories and mounts, including common ones such connected systems; nowadays, even the lowest-level as /etc and /proc. firmware in our PCs, printers, and thermostats is Since the init program itself is only 132 lines of code network-connected. These mistakes are either impossi- and is easy to change, the structure is very flexible and ble to make in Go or, if made, are detected at runtime and allows for many use cases. result in the program exiting. Perhaps surprisingly, the case for using a high-level, safe language like Go in very Additional binaries: if the 3 seconds it takes to get • low level embedded firmware might be stronger than for to a shell is too long (some applications such as au- user programs, because exploits at the firmware level are tomotive computing require 800 ms startup time), nearly impossible to detect and mitigate. and there is room in FLASH, some programs can The challenge to using Go in a storage-constrained en- be precompiled into /bin. vironment such as firmware is that advanced language features lead to big binaries. Even a date program is Build it all on boot: if on-demand compilation is not • about 2 MiB. One Go binary, implementing one func- desired, a background thread in the init process can tion, is twice as large as a BusyBox binary implement- build all the programs on boot. ing many functions. As of this writing, a typical BIOS FLASH part is 16 MiB. Fitting many Go binaries into a Selectively remove binaries after use: if RAM space • single BIOS flash part is not practical. is at a premium, once booted, a script can remove The Go compiler is very fast and its sheer speed points everything in /bin; those things that are used will be to a solution: to compile programs only when they are rebuilt on demand. used. We can build a root file system which has almost no binaries except the Go compiler itself. The compiled Always build on demand: it is possible to run in a • programs and packages can be saved to a RAM-based mode in which programs are never written to /bin file system. and always rebuilt on demand; this mode is surpris- U-root is our proof of concept of this idea. U-root con- ingly comfortable to use, given that program com- tains only 5 binaries, 4 of them from the Go toolchain, pilation is so fast1. and the 5th an init binary. The rest of the programs Lockdown: if desired, the system can be locked are contained in BIOS FLASH in source form, includ- • ing packages.
Load more

Recommended publications
  • Beyond BIOS Developing with the Unified Extensible Firmware Interface
    Digital Edition Digital Editions of selected Intel Press books are in addition to and complement the printed books. Click the icon to access information on other essential books for Developers and IT Professionals Visit our website at www.intel.com/intelpress Beyond BIOS Developing with the Unified Extensible Firmware Interface Second Edition Vincent Zimmer Michael Rothman Suresh Marisetty Copyright © 2010 Intel Corporation. All rights reserved. ISBN 13 978-1-934053-29-4 This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in professional services. If professional advice or other expert assistance is required, the services of a competent professional person should be sought. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel may make changes to specifications, product descriptions, and plans at any time, without notice. Fictitious names of companies, products, people, characters, and/or data mentioned herein are not intended to represent any real individual, company, product, or event. Intel products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. Intel, the Intel logo, Celeron, Intel Centrino, Intel NetBurst, Intel Xeon, Itanium, Pentium, MMX, and VTune are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
    [Show full text]
  • Administering Unidata on UNIX Platforms
    C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta UniData Administering UniData on UNIX Platforms UDT-720-ADMU-1 C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Notices Edition Publication date: July, 2008 Book number: UDT-720-ADMU-1 Product version: UniData 7.2 Copyright © Rocket Software, Inc. 1988-2010. All Rights Reserved. Trademarks The following trademarks appear in this publication: Trademark Trademark Owner Rocket Software™ Rocket Software, Inc. Dynamic Connect® Rocket Software, Inc. RedBack® Rocket Software, Inc. SystemBuilder™ Rocket Software, Inc. UniData® Rocket Software, Inc. UniVerse™ Rocket Software, Inc. U2™ Rocket Software, Inc. U2.NET™ Rocket Software, Inc. U2 Web Development Environment™ Rocket Software, Inc. wIntegrate® Rocket Software, Inc. Microsoft® .NET Microsoft Corporation Microsoft® Office Excel®, Outlook®, Word Microsoft Corporation Windows® Microsoft Corporation Windows® 7 Microsoft Corporation Windows Vista® Microsoft Corporation Java™ and all Java-based trademarks and logos Sun Microsystems, Inc. UNIX® X/Open Company Limited ii SB/XA Getting Started The above trademarks are property of the specified companies in the United States, other countries, or both. All other products or services mentioned in this document may be covered by the trademarks, service marks, or product names as designated by the companies who own or market them. License agreement This software and the associated documentation are proprietary and confidential to Rocket Software, Inc., are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice.
    [Show full text]
  • Oracle® Linux 7 Release Notes for Oracle Linux 7.2
    Oracle® Linux 7 Release Notes for Oracle Linux 7.2 E67200-22 March 2021 Oracle Legal Notices Copyright © 2015, 2021 Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
    [Show full text]
  • CNTR: Lightweight OS Containers
    CNTR: Lightweight OS Containers Jorg¨ Thalheim, Pramod Bhatotia Pedro Fonseca Baris Kasikci University of Edinburgh University of Washington University of Michigan Abstract fundamental to achieve high efficiency in virtualized datacenters and enables important use-cases, namely Container-based virtualization has become the de-facto just-in-time deployment of applications. Moreover, standard for deploying applications in data centers. containers significantly reduce operational costs through However, deployed containers frequently include a higher consolidation density and power minimization, wide-range of tools (e.g., debuggers) that are not required especially in multi-tenant environments. Because of all for applications in the common use-case, but they these advantages, it is no surprise that containers have seen are included for rare occasions such as in-production wide-spread adoption by industry, in many cases replacing debugging. As a consequence, containers are significantly altogether traditional virtualization solutions [17]. larger than necessary for the common case, thus increasing the build and deployment time. Despite being lightweight, deployed containers often include a wide-range of tools such as shells, editors, CNTR1 provides the performance benefits of lightweight coreutils, and package managers. These additional tools containers and the functionality of large containers by are usually not required for the application’s core function splitting the traditional container image into two parts: the — the common operational use-case — but they are “fat” image — containing the tools, and the “slim” image included for management, manual inspection, profiling, — containing the main application. At run-time, CNTR and debugging purposes [64]. In practice, this significantly allows the user to efficiently deploy the “slim” image and increases container size and, in turn, translates into then expand it with additional tools, when and if necessary, slower container deployment and inefficient datacenter by dynamically attaching the “fat” image.
    [Show full text]
  • Text Processing Tools
    Tools for processing text David Morgan Tools of interest here sort paste uniq join xxd comm tr fmt sed fold head file tail dd cut strings 1 sort sorts lines by default can delimit fields in lines ( -t ) can sort by field(s) as key(s) (-k ) can sort fields of numerals numerically ( -n ) Sort by fields as keys default sort sort on shell (7 th :-delimited) field UID as secondary (tie-breaker) field 2 Do it numerically versus How sort defines text ’s “fields ” by default ( a space character, ascii 32h = ٠ ) ٠bar an 8-character string ٠foo “By default, fields are separated by the empty string between a non-blank character and a blank character.” ٠bar separator is the empty string between non-blank “o” and the space ٠foo 1 2 ٠bar and the string has these 2 fields, by default ٠foo 3 How sort defines text ’s “fields ” by –t specification (not default) ( a space character, ascii 32h = ٠ ) ٠bar an 8-character string ٠foo “ `-t SEPARATOR' Use character SEPARATOR as the field separator... The field separator is not considered to be part of either the field preceding or the field following ” separators are the blanks themselves, and fields are ' "٠ " ٠bar with `sort -t ٠foo whatever they separate 12 3 ٠bar and the string has these 3 fields ٠foo data sort fields delimited by vertical bars field versus sort field ("1941:japan") ("1941") 4 sort efficiency bubble sort of n items, processing grows as n 2 shell sort as n 3/2 heapsort/mergesort/quicksort as n log n technique matters sort command highly evolved and optimized – better than you could do it yourself Big -O: " bogdown propensity" how much growth requires how much time 5 sort stability stable if input order of key-equal records preserved in output unstable if not sort is not stable GNU sort has –stable option sort stability 2 outputs, from same input (all keys identical) not stable stable 6 uniq operates on sorted input omits repeated lines counts them uniq 7 xxd make hexdump of file or input your friend testing intermediate pipeline data cf.
    [Show full text]
  • Developer Guide(KAE Encryption & Decryption)
    Kunpeng Acceleration Engine Developer Guide(KAE Encryption & Decryption) Issue 15 Date 2021-08-06 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Issue 15 (2021-08-06) Copyright © Huawei Technologies Co., Ltd. i Kunpeng Acceleration Engine Developer Guide(KAE Encryption & Decryption) Contents Contents 1 Overview....................................................................................................................................1
    [Show full text]
  • QLOAD Queue Load / Unload Utility for IBM MQ
    Queue Load / Unload Utility for IBM MQ User Guide Version 9.1.1 27th August 2020 Paul Clarke MQGem Software Limited [email protected] Queue Load / Unload Utility for IBM MQ Take Note! Before using this User's Guide and the product it supports, be sure to read the general information under "Notices” Twenty-fourth Edition, August 2020 This edition applies to Version 9.1.1 of Queue Load / Unload Utility for IBM MQ and to all subsequent releases and modifications until otherwise indicated in new editions. (c) Copyright MQGem Software Limited 2015, 2020. All rights reserved. ii Queue Load / Unload Utility for IBM MQ Notices The following paragraph does not apply in any country where such provisions are inconsistent with local law. MQGEM SOFTWARE LIMITED PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore this statement may not apply to you. The information contained in this document has not be submitted to any formal test and is distributed AS IS. The use of the information or the implementation of any of these techniques is a customer responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. While each item has been reviewed by MQGem Software for accuracy in a specific situation, there is no guarantee that the same or similar results will be obtained elsewhere.
    [Show full text]
  • Designing PCI Cards and Drivers for Power Macintosh Computers
    Designing PCI Cards and Drivers for Power Macintosh Computers Revised Edition Revised 3/26/99 Technical Publications © Apple Computer, Inc. 1999 Apple Computer, Inc. Adobe, Acrobat, and PostScript are Even though Apple has reviewed this © 1995, 1996 , 1999 Apple Computer, trademarks of Adobe Systems manual, APPLE MAKES NO Inc. All rights reserved. Incorporated or its subsidiaries and WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH No part of this publication may be may be registered in certain RESPECT TO THIS MANUAL, ITS reproduced, stored in a retrieval jurisdictions. QUALITY, ACCURACY, system, or transmitted, in any form America Online is a service mark of MERCHANTABILITY, OR FITNESS or by any means, mechanical, Quantum Computer Services, Inc. FOR A PARTICULAR PURPOSE. AS A electronic, photocopying, recording, Code Warrior is a trademark of RESULT, THIS MANUAL IS SOLD “AS or otherwise, without prior written Metrowerks. IS,” AND YOU, THE PURCHASER, ARE permission of Apple Computer, Inc., CompuServe is a registered ASSUMING THE ENTIRE RISK AS TO except to make a backup copy of any trademark of CompuServe, Inc. ITS QUALITY AND ACCURACY. documentation provided on Ethernet is a registered trademark of CD-ROM. IN NO EVENT WILL APPLE BE LIABLE Xerox Corporation. The Apple logo is a trademark of FOR DIRECT, INDIRECT, SPECIAL, FrameMaker is a registered Apple Computer, Inc. INCIDENTAL, OR CONSEQUENTIAL trademark of Frame Technology Use of the “keyboard” Apple logo DAMAGES RESULTING FROM ANY Corporation. (Option-Shift-K) for commercial DEFECT OR INACCURACY IN THIS purposes without the prior written Helvetica and Palatino are registered MANUAL, even if advised of the consent of Apple may constitute trademarks of Linotype-Hell AG possibility of such damages.
    [Show full text]
  • Introduction Use Runit with Traditional Init (Sysvinit)
    2021/07/26 19:10 (UTC) 1/12 Runit Runit Introduction runit is a UNIX init scheme with service supervision. It is a cross-platform Unix init scheme with service supervision, a replacement for sysvinit, and other init schemes and supervision that are used with the traditional init. runit is compatible with djb's daemontools. In Unix-based computer operating systems, init (short for initialization) is the first process started during booting of the computer system. Init is a daemon process that continues running until the system is shut down. Slackware comes with its own legacy init (/sbin/init) from the sysvinit package, that used to be included in almost all other major Linux distributions. The init daemon (or its replacement) is characterised by Process ID 1 (PID 1). To read on the benefits of runit, see here: http://smarden.org/runit/benefits.html * Unless otherwise stated, all commands in this article are to be run by root. Use runit with traditional init (sysvinit) runit is not provided by Slackware, but a SlackBuild is maintained on https://slackbuilds.org/. It does not have any dependencies. As we do not want yet to replace init with runit, run the slackbuild with CONFIG=no: CONFIG=no ./runit.SlackBuild Then install the resulting package and proceed as follows: mkdir /etc/runit/ /service/ cp -a /usr/doc/runit-*/etc/2 /etc/runit/ /sbin/runsvdir-start & Starting via rc.local For a typical Slackware-stlyle service, you can edit /etc/rc.d/rc.local file if [ -x /sbin/runsvdir-start ]; then /sbin/runsvdir-start & fi and then edit write /etc/rc.d/rc.local_shutdown #!/bin/sh SlackDocs - https://docs.slackware.com/ Last update: 2020/05/06 08:08 (UTC) howtos:slackware_admin:runit https://docs.slackware.com/howtos:slackware_admin:runit RUNIT=x$( /sbin/pidof runsvdir ) if [ "$RUNIT" != x ]; then kill $RUNIT fi Then give rc.local_shutdown executive permission: chmod +x /etc/rc.d/rc.local_shutdown and reboot Starting via inittab (supervised) Remove the entries in /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown described above.
    [Show full text]
  • The Linux Command Line
    The Linux Command Line Fifth Internet Edition William Shotts A LinuxCommand.org Book Copyright ©2008-2019, William E. Shotts, Jr. This work is licensed under the Creative Commons Attribution-Noncommercial-No De- rivative Works 3.0 United States License. To view a copy of this license, visit the link above or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042. A version of this book is also available in printed form, published by No Starch Press. Copies may be purchased wherever fine books are sold. No Starch Press also offers elec- tronic formats for popular e-readers. They can be reached at: https://www.nostarch.com. Linux® is the registered trademark of Linus Torvalds. All other trademarks belong to their respective owners. This book is part of the LinuxCommand.org project, a site for Linux education and advo- cacy devoted to helping users of legacy operating systems migrate into the future. You may contact the LinuxCommand.org project at http://linuxcommand.org. Release History Version Date Description 19.01A January 28, 2019 Fifth Internet Edition (Corrected TOC) 19.01 January 17, 2019 Fifth Internet Edition. 17.10 October 19, 2017 Fourth Internet Edition. 16.07 July 28, 2016 Third Internet Edition. 13.07 July 6, 2013 Second Internet Edition. 09.12 December 14, 2009 First Internet Edition. Table of Contents Introduction....................................................................................................xvi Why Use the Command Line?......................................................................................xvi
    [Show full text]
  • Chapter 1. Origins of Mac OS X
    1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years.
    [Show full text]
  • Practical Migration from IBM X86 to Linux on IBM System Z
    Front cover Practical Migration from x86 to Linux on IBM System z A guide to migrating popular applications and services from Linux on x86 to Linux on System z Practical guidance on planning, analysis, and TCO Comprehensive hands-on migration case study Lydia Parziale Eduardo Simoes Franco Craig Gardner Berthold Gunreben Tito Ogando Serkan Sahin ibm.com/redbooks International Technical Support Organization Practical Migration from x86 to Linux on IBM System z September 2014 SG24-8217-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (September 2014) This edition applies to z/VM Version 6.3, DB2 Version 10.5, SUSE Linux Enterprise Server Version 11, and Red Hat Enterprise Linux Version 6. Versions of other software components are incident to the versions available from the respective distributions referenced above. © Copyright International Business Machines Corporation 2014. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix Authors. ix Now you can become a published author, too! . xi Comments welcome. xii Stay connected to IBM Redbooks . xii Chapter 1. Benefits of migrating workloads to Linux on System z . 1 1.1 Benefits . 2 1.2 Reasons to select Linux on System z . 3 1.2.1 System z strengths . 3 1.3 A new type of information technology: Workload centric . 5 1.4 Workload-centric cloud . 7 1.5 Enterprise cloud computing blueprint for System z. 9 1.5.1 Empowered virtualization management: IBM Wave for z/VM.
    [Show full text]