Alpha Emulators

Emulators are an excellent way to replace aging hardware, saving electricity, rack space, and support costs. (Don’t think you’ll save on administration costs though: the operating system still requires support….)

However, finding emulators for architectures other than the i386 and its ilk can be difficult, particularly for recent orphans. The really old processors are emulated more often (such as the PDP series and others emulated by the SIMH emulator, or the System/370 and its ilk emulated by the Hercules emulator).

Emulators for the DEC Alpha are out there, but are not that easy to find. Stromasys has several, including the PersonalAlpha that can be used for personal use and the Charon-AXP which is a commercial product. For Charon-AXP, they now offer the Charon-AXP NCE (Non-Commercial Edition) which runs on Linux. Charon-AXP has for a long time been the best-known Alpha emulator out there, and there is a lot of recommendations for this product from those in the know.

There is also the open source project ES40, which aims to create an open source ES40 emulator. ES40 has a presence on Ohloh and on Sourceforge. There doesn’t seem to have been any activity on the project over the last year, which is unfortunate.

There is another emulator, FreeAXP, now entering beta status. FreeAXP emulates an AlphaServer 400 and is a prelude to a commercial Alpha emulator product from Migration Specialties, and FreeAXP will be available for commercial and non-commercial use. The current FreeAXP beta appears to be for 64-bit Windows only; the 32-bit Windows version was to come later.

Both FreeAXP and PersonalAlpha appear to be for Windows XP or Windows 7 only; neither list Windows 2000 as an option, and neither run on Linux or Unix. There is a Charon-AXP for OpenVMS, however.

News about Alpha emulators can often be had over at the OpenVMS Hobbyist Portal. After all, what better to run on an Alpha than OpenVMS?

PWN to OWN Contest at CanSecWest 2008

The PWN to OWN Contest is a hacking contest at the CanSecWest security conference that pits a standard install of Linux, Windows, and MacOS X against all comers. Each laptop has a default installation on it, and has not been hardened at all. The successful hacker will not only win a cash prize, but the system in question as well.

The MacBook Pro was the first to fall, and the laptop running Microsoft Vista Ultimate second. However, there will be those that misinterpret the results by not realizing how the contest was conducted.

Each contestant gets 30 minutes to attempt to crack the machine, and can choose which machine to attack. The attacks are limited by the rules, and each day that went by the rules allowed a wider range of attack vectors. It was a third party application (Adobe Flash) that permitted the compromise of the Microsoft Vista machine.

No part of the contest can be considered a scientific study into which system is more secure than the other: contestants attacked a single machine of choice, and contestants were allowed their attempts one at a time – and the operating system was not hardened.

This is entirely different than, for example, the Capture the Flag contest at DEFCON. That contest consists of setting up a server and trying to capture the other teams “flag” through compromising the server in some way. In that contest, any and all comers are permitted to enter and to attack at will during the contest with whatever vulnerabilities and methods they have available.

Speaking of DEFCON, DEFCON 9 saw the entrance of an Alpha-based VMS machine – installed with the standard setup – which remained unscathed throughout the contest, though try they did. The VMS Team (the Green Team) had a writeup and also wrote a white paper afterwards.

If you are interested in DEFCON, DEFCON 16 will be August 8-10 in Las Vegas, Nevada.

Also, speaking of DEFCON – let’s not forget the similarly named but totally unrelated InterSystems DEVCON2008, which is just wrapping up. DEVCON, among other things, covers Caché development and related. It is interesting to note that InterSystems DEVCON began 15 years ago, whereas DEFCON began 16 years ago. I wonder how much Caché security is covered at DEVCON2008.