1. 8

“Depending on the specific CPU and operating system features a customer’s application uses, the new Alpha V8.4-2L2 release could render performance improvements of between 15% and 50%. We have also observed RMS image sizes reduced by more than 270 blocks, due to more efficient code generation”

  1.  

  2. 6

    “the most secure operating system on the planet”

    Oh come on. They need to knock that off since people knowing it’s probably nonsense might think that about other claims. Especially VMS’s uptimes that sound too good to be true but are actually true. It certainly was more secure than many competitors back in its day with better privilege architecture, better QA, security-enhanced version with MAC, most stuff off by default, a high-assurance VMM almost hitting market, and only twenty-something CVE’s. That said, it’s been in life support mode barely getting updated by companies that didn’t give a damn about its security with competition constantly upgrading their security. At this time, all of the following are probably more secure as shipped or with CompSci prototypes considered: Windows, Linux, FreeBSD, and OpenBSD.

    Too bad, though, since it could have stayed in the lead except with a likely archaic interface due to legacy needs. Could’ve put some better interfaces in front of it. It might have been a nice number 3 to Linux and Windows in the cloud market given what it already had. “Clouds that don’t go down” or something.

    1. 3

      VSI is doing a great deal to change that, and actively developing and modernizing the system and working providing new features and compilers. I prefer working with VMS than Unix even today, for the most part, and the “feel” of the system just seems more sane to me and matches my personality.

      For years I used stuff like VX/DCL and nu/TPU on Unix to make it feel less alien, but finally was able to migrate to Vim which I now use everywhere :)

      1. 4

        I’m just talking about their security claim. I know they’re improving it. Exciting to see one of the higher-quality works of the past getting modernized. I like diversity instead of oligopolies on our software stacks. Far as DCL, I heard a lot of people liked it. I also want to play with VMS when it hits x86. :)

        1. 2

          It is sort of a nonsense claim and ignores important complexities like configuration but more reasoned slogans are nowhere near as catchy.

          “Historically, the most secure operating system on the planet” is even less sexy than “Only n remote holes in the default install, in as far as we can remember.” or “Secure at the C2-level when deployed identically to the Target of Evaluation”

          I’m eager to see the release notes when available and wonder what sort of optimizations they utilized and if these improvements are related to the compiler development work for the x86_64 port.

          1. 2

            They could try something like an “OS built for reliability and security from the beginning with two decades of high uptime for customers.” When looking for my links, I found yet another that posted 10+ years uptime on one of their systems or clusters. The uptime and recovery benefits are so good they don’t even need to bluff on best security given a market that’s desensitized to security breaches. They expect them thanks the competition. ;)

            “and wonder what sort of optimizations they utilized and if these improvements are related to the compiler development work for the x86_64 port.”

            Who knows. I hope they get it done quickly as I’d like a VMS system in my backup and security-by-diversity designs. On top of all the ordinary scenarios.

        2. 1

          I found the website for the makers of VX/DCL and nu/TPU, but couldn’t figure out how to actually download or buy either product. Not that I need them, since I was only briefly a VMS user (though it was in my formative years), but I would’ve liked to have played around with them.

          1. 2

            It seems they’ve totally redone the website since I last looked at it, I guess you would need to inquire on current pricing via the contact form. If you are looking to try out DCL, there are some good options.

            While it isn’t a complete set of tools like VX/TOOLS, http://jonesrh.info/dcll/ is a great site with good pointers if you want to try out DCL on something other than VMS or DEC systems is was most commonly used on (TOPS-20, RSX, RSTE/E, OSF/1, etc.)

            However, you are not going to have a “true” VMS experience on Unix (or NT). VX/TOOLS might be analogous to plan9port and the DCL products similar to running the rc shell on Unix.

             

            With UNIX, if you’re looking for something, you can easily and quickly check that small manual and find out that it’s not there. With VMS, no matter what you look for — it’s literally a five-foot shelf of documentation — if you look long enough it’s there. That’s the difference — the beauty of UNIX is it’s simple; and the beauty of VMS is that it’s all there. — Ken Olsen, president of DEC, DECWORLD Vol. 8 No. 5, 1984

             

            While this infamous quote has been long debated and seen by many Unix bashing, at the time was certainly the truth. I would argue that most of the complexities that were left out of earlier Unix (by design) having since made their way back is the root cause for the messy and ad hoc feel of modern Unix systems. In VMS all the advanced features were engineered into the system, essentially from the beginning, and never just bolted on.

        3. 1

          What actual evidence do you have of your claims? I’m not doubting them, just wondering where it comes from. Is the issue that nobody has bothered trying modern exploits out or do we actually just not know how secure it in fact is?

          1. 3

            I will give you a few interesting pointers:

            http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04622344

            https://www.sans.org/reading-room/whitepapers/infosec/primer-openvms-vms-security-604

            http://h41379.www4.hpe.com/openvms/security.html

            https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-oberg-nyberg-tusini.pdf

            Edit:

            https://www.cvedetails.com/vulnerability-list/vendor_id-10/product_id-4990/HP-Openvms.html

            While VMS is not immune to vulnerabilities, the design and structure of the system tends to eliminate whole classes of vulnerabilities and the debugging features combined with extensive QA catch more before they become problems.

            http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04621447 and http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04619748 are links the the “OpenVMS Programing Concepts Manual”, Parts I and II, and should go a long way into the practices that make VMS a better system than many of it’s contemporaries.

            Edit: http://www.eight-cubed.com/articles/traceback.html and http://h41379.www4.hpe.com/doc/84final/4493/4493pro_070.html good examples of the VMS Traceback facility. There is now stuff like libunwind and libsigsegv that can help provide similar functionality on Unix systems but it is nowhere near as consistent or pervasive, and because of the way VMS is designed these facilities are available and work the same way no matter what programming language is being used.

            1. 3

              Darn. That post was comprehensive enough I about can’t supplement it haha. I do find a few comments to be interesting. Here they are:

              The first is an IBM consultant talking about how great OpenVMS is. The competition praising your design decisions is kind of rare.

              https://groups.google.com/forum/#!original/comp.os.vms/6WbXC0XYIIU/rQmZjhA-ImkJ

              The other are the enhanced versions showing they at least tried to take it to the next level. The market rejected stronger security in favor of cheaper, faster, and more complexity. Instead of showing SEVMS, I’m linking to a presentation from one of only surviving Compartmented Mode Workstations that shows the strengths and risks of them. SEVMS had a subset.

              https://www.defcon.org/html/TEXT/8/db-8-Mythrander.ppt

              The other part was a hypervisor. OS’s claiming to focus on security waited quite a while for a hypervisor which was usually made by professionals or amateurs that weren’t security experts. DEC hired legendary Paul Karger, a co-founder of INFOSEC field that did MULTICS assessment, to design a high-assurance VMM for VAX. They did great on design even though market wasn’t ready for that stuff. Steve Lipner, his project manager, later went to Microsoft to implement a minimal version of the TCSEC called SDL. MS Research did a TCSEC B3-A1 class strategy on driver correctness. The combo knocked out tons of blue screens and 0-days in Windows kernel. Like Windows NT, the efforts started at DEC with Karger’s and their VMS people’s type of thinking respectively.

              http://www.cse.psu.edu/~trj1/cse543-f06/papers/vax_vmm.pdf

              1. 2

                Another interesting paper - mostly outdated but provides a those not familiar with VMS a look into many functions and shows how the systems “feels” in operation - https://www.giac.org/paper/gsna/176/security-audit-openvms-internal-auditors-perspective/106696

                1. 1

                  Yeah, the SANS papers can be interesting for what they distill. I read one on VMS a long time ago that was easy to read. This one is too dense and full of process-like thinking for most people. Their eyes will glaze over or they’ll think it’s just red tape. The good news is it has links to a lot of others likely including the one I read. Let me look at them really quick to see if one of them is better suited to our goal of introducing VMS style and security.

                  Alright, I only had 10 min since I’m going to work. Do note that it’s not bulletproof as it got compromised straight-forward at a later DEFCON. I just applauded they put more effort than most into it with its main advantage being uptime. Here’s the best link on security model I found in the paper you posted:

                  https://www.giac.org/paper/gsec/2648/fundamentals-securing-openvms-systems/104534

                  We need another one that comprehensively addresses its advantages like its clever filesystem, distributed lock manager, and clustering. I have one that’s decent from 2001:

                  http://h41379.www4.hpe.com/openvms/whitepapers/high_avail.html