Virtualization

How 'Digital Twin' Technology Is Revolutionizing the Auto Industry (motortrend.com)

"Digital twin technology is one of the most significant disruptors of global manufacturing seen this century," argues Motor Trend, "and the automobile industry is embracing it in a big way." Roughly three-quarters of auto manufacturers are using digital twins as part of their vehicle development process, evolving not only how they design and develop new cars but also the way they monitor them, fix them, and even build them...

Nvidia, best known for its consumer graphics cards, also has a digital twin solution, called Omniverse, which manufacturers such as Mercedes-Benz are using to design their manufacturing processes. "Their factory planners now have every single element in the factory that they can then put in that virtual digital twin first, lay it all out, and then operate it," Danny Shapiro, VP of automotive at Nvidia said. At that point, those planners can run the entire manufacturing process virtually, ensuring every conveyor feeds the next step in the process, identifying and addressing factory floor headaches long before production begins...

Software developers can run their solutions within digital twins. That includes the code at the lowest level, basic stuff that controls ignition timing within the engine for example, all the way up to the highest level, like touchscreens responding to user inputs. "We're not just simulating the operation outside the car, but the user experience," Nvidia's Shapiro said. "We can simulate and basically run the real software that would be running in that car and display it on the screens." By bringing all these systems together virtually, developers can find and solve issues earlier, preventing costly development delays or, worse yet, buggy releases...

Using unique identifiers, manufacturers can effectively create internal digital copies of vehicles that have been produced. Those copies can be used for ongoing tests and verifications, helping to anticipate things like required maintenance or susceptibility to part failures. By using telematics, in-car services that remotely communicate a car's status back to the manufacturer in real-time, these digital twins can be updated to match the real thing. "By monitoring tire health, tire grip, vehicle weight distribution, and other critical parameters, engineers can anticipate potential problems and schedule maintenance proactively, reducing downtime and extending the vehicle's lifespan," Tactile Mobility's Tzur said.

Software

Broadcom Is Killing Off VMware Perpetual Licenses, Strong-Arming Users Onto Subscriptions (www.thestack.technology)

Ed Targett reports via The Stack: Broadcom is killing off VMware's on-premises perpetual licenses -- and getting set to strong-arm VMware customers onto subscriptions, by also ending the sale of Support and Subscription renewals for such customers. VMware described this to customers as part of its plan to "complete the transition of all VMware by Broadcom solutions to subscription licenses." "We are [also] ending the sale of Support and Subscription (SnS) renewals for perpetual offerings beginning today," SVP Krish Prasad said in a FAQ.

VMware perpetual licenses were described by its own Office of the CTO earlier this year in a short blog as its "most renowned licenses." The on-premises licenses for the virtualization software come with a license key, with SnS separately licensing users for support and software updates. Perpetual license keys never expire but the SnS lapses and now will not, seemingly, be renewed -- meaning that customers reluctant to shift to an alternative licensing model will be left without support or updates.

VMware customers "may continue using perpetual licenses with active support contracts. We will continue to provide support as defined in contractual commitments. We encourage customers to review their inventory of perpetual licenses, including Support Services renewal and expiration dates," Broadcom said rather menacingly, on December 10. The company is also announcing a new "bring-your-own-subscription license option, providing license portability to VMware validated hybrid cloud endpoints running VMware Cloud Foundation," it added, without initially sharing details.

Security

ownCloud Vulnerability With Maximum 10 Severity Score Comes Under 'Mass' Exploitation (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Security researchers are tracking what they say is the "mass exploitation" of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open source file-sharing server app. The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm GreyNoise said, they began observing "mass exploitation" in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

CVE-2023-49103 resides in versions 0.2.0 and 0.3.0 of graphapi, an app that runs in some ownCloud deployments, depending on the way they're configured. A third-party code library used by the app provides a URL that, when accessed, reveals configuration details from the PHP-based environment. In last week's disclosure, ownCloud officials said that in containerized configurations -- such as those using the Docker virtualization tool -- the URL can reveal data used to log in to the vulnerable server. The officials went on to warn that simply disabling the app in such cases wasn't sufficient to lock down a vulnerable server. [...]

To fix the ownCloud vulnerability under exploitation, ownCloud advised users to: "Delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. Additionally, we disabled the phpinfo function in our docker-containers. We will apply various hardenings in future core releases to mitigate similar vulnerabilities.

We also advise to change the following secrets:
- ownCloud admin password
- Mail server credentials
- Database credentials
- Object-Store/S3 access-key"
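The remediation steps quoted above can be verified from the server side. The script below is an added example, not ownCloud's own tooling: it assumes the web-root layout implied by the file path in the advisory, that the graphapi app records its version in apps/graphapi/appinfo/info.xml (an assumption), and that PHP is configured through a php.ini-style file with a comma-separated disable_functions line; the demo install it builds is constructed for illustration only.

```shell
#!/bin/sh
# Added example (not ownCloud's own code): audit an ownCloud install for the
# CVE-2023-49103 exposure described above and apply the advisory's file removal.
# Assumptions: $1 is the ownCloud web root; the graphapi app records its version
# in apps/graphapi/appinfo/info.xml (assumed layout); PHP config is a php.ini
# style file whose disable_functions line lists comma-separated function names.

TEST_FILE_REL="apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"

# Return 0 if the phpinfo test file the advisory says to delete is present.
graphapi_test_file_present() {
    [ -f "$1/$TEST_FILE_REL" ]
}

# Print the graphapi app version from appinfo/info.xml; fail if the app is absent.
graphapi_version() {
    info="$1/apps/graphapi/appinfo/info.xml"
    [ -f "$info" ] || return 1
    sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$info" | head -n 1
}

# Return 0 if the version is one the report names as affected (0.2.0, 0.3.0).
graphapi_version_affected() {
    case "$1" in
        0.2.0|0.3.0) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if phpinfo appears in disable_functions, the hardening ownCloud
# says it applied to its Docker containers.
phpinfo_disabled() {
    [ -f "$1" ] || return 1
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | tr ',' '\n' | tr -d ' \t' | grep -qx 'phpinfo'
}

# Delete the test file as the advisory instructs; succeed only if it is gone.
remove_graphapi_test_file() {
    f="$1/$TEST_FILE_REL"
    if [ -f "$f" ]; then rm -f -- "$f"; fi
    [ ! -f "$f" ]
}

# Run every check; print findings and return 0 only when nothing needs attention.
audit_owncloud() {
    root="$1"; ini="$2"; findings=0
    v=$(graphapi_version "$root" || true)
    if [ -n "$v" ] && graphapi_version_affected "$v"; then
        echo "graphapi $v is a version the report names as affected"
        findings=$((findings + 1))
    fi
    if graphapi_test_file_present "$root"; then
        echo "GetPhpInfo.php present: delete it and rotate admin, mail, DB and S3 secrets"
        findings=$((findings + 1))
    fi
    if ! phpinfo_disabled "$ini"; then
        echo "phpinfo is not listed in disable_functions in $ini"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Build a constructed demo install (not a real ownCloud tree) so the script can
# be run offline; prints the temporary root directory.
make_demo_install() {
    d=$(mktemp -d)
    mkdir -p "$d/apps/graphapi/appinfo" "$d/$(dirname "$TEST_FILE_REL")"
    printf '<?xml version="1.0"?>\n<info>\n  <id>graphapi</id>\n  <version>0.3.0</version>\n</info>\n' \
        > "$d/apps/graphapi/appinfo/info.xml"
    printf '<?php // constructed stand-in for the test file named in the advisory\n' \
        > "$d/$TEST_FILE_REL"
    printf 'disable_functions = exec,system\n' > "$d/php.ini"
    echo "$d"
}

demo=$(make_demo_install)
audit_owncloud "$demo" "$demo/php.ini" || echo "remediation needed"
remove_graphapi_test_file "$demo" && echo "test file removed"
rm -rf "$demo"
```

Run it against a real install as `audit_owncloud /path/to/owncloud /path/to/php.ini` from an interactive shell after sourcing the file; it only reports and removes the single file the advisory names, and the secret rotation it reminds you of still has to be done by hand.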

Cloud

AWS Repurposes Fire TV Cubes Into $195 Thin Clients For Cloud Desktops (theregister.com)

Simon Sharwood reports via The Register: Amazon Web Services has announced the WorkSpaces Thin Client -- a device dedicated to connecting to its WorkSpaces desktop-as-a-service offering and based on Amazon's own "Fire Cube" smart TV box. The $195 machine has the same hardware as the Fire Cube: the eight-core Arm-powered Amlogic POP1-G SoC, plus 2GB of LPDDR4 RAM, 10/100 Ethernet, and a single USB-A 2.0 port. Bluetooth is included to connect other peripherals. A second HDMI output can be added by acquiring an $85 hub that also offers four more USB ports. Like the Fire TV Cube, the Thin Client also runs a modified cut of Android.

But there the similarities end. AWS created custom firmware and ripped out anything remotely related to running a consumer device, replacing it with software designed solely to create a secure connection between the device and desktops running in the Amazonian cloud. Amazon Business -- the B2B version of Jeff Bezos's digital souk -- will ship the device to your door, and charge it to your AWS bill. At least if you are in the USA. Europe will get the Thin Client in early 2024, and it'll eventually migrate elsewhere.

AWS decided to base the box on the Fire Cube because, according to a corporate blog post, AWS customers expressed a desire for cheaper and easier-to-maintain client devices. As AWS execs searched for a well-priced box, they considered the Fire TV Cube, found it fit the bill and noted it was already being made at scale. Keeping things in-house made sense, too. And so we find ourselves with AWS taking on established thin client providers. The cloudy concern is also keen to have a crack at the thick wedge of the enterprise PC market: call centers, payment processing centers, and other environments with lots of users and high staff turnover due to factors like seasonal demand for workers.

Businesses

Broadcom Lays Off VMware Employees After Closing Its $69 Billion Acquisition (businessinsider.com)

After acquiring VMware for $69 billion, Broadcom is eliminating several positions at the virtualization technology company. Business Insider reports: Employees whose positions were eliminated received an email on Monday, viewed by Business Insider, that read: "Broadcom recently completed its acquisition of VMware. As part of integration planning, and following an organizational needs assessment, we identified go-forward roles that will be required within the combined company. We regret to inform you that your position is being eliminated and your employment will be terminated."

"We would like to thank you for your dedication and service. We want to make this transition as smooth as possible, including offering you a generous severance package and providing you a non-working paid notice period," the email continued. Currently, it's unclear exactly how many employees will be affected by the cuts.

Open Source

OpenBSD 7.4 Released (phoronix.com)

Long-time Slashdot reader Noryungi writes: OpenBSD 7.4 has been officially released. The 55th release of this BSD operating system, known for being security oriented, brings a lot of new things, including dynamic tracer, pfsync improvements, loads of security goodies and virtualization improvements. Grab your copy today! As mentioned by Phoronix's Michael Larabel, some of the key highlights include:

- Dynamic Tracer (DT) and Utrace support on AMD64 and i386 OpenBSD
- Power savings for those running OpenBSD 7.4 on Apple Silicon M1/M2 CPUs by allowing deep idle states when available for the idle loop and suspend
- Support for the PCIe controller found on Apple M2 Pro/Max SoCs
- Allow updating AMD CPU microcode when a newer patch is available
- A workaround for the AMD Zenbleed CPU bug
- Various SMP improvements
- Updating the Direct Rendering Manager (DRM) graphics driver support against the upstream Linux 6.1.55 state
- New drivers for supporting various Qualcomm SoC features
- Support for soft RAID disks was improved for the OpenBSD installer
- Enabling of Indirect Branch Tracking (IBT) on x86_64 and Branch Target Identifier (BTI) on ARM64 for capable processors

You can download and view all the new changes via OpenBSD.org.

Security

Latest SUSE Linux Enterprise Goes All in With Confidential Computing

SUSE's latest release of SUSE Linux Enterprise 15 Service Pack 5 (SLE 15 SP5) has a focus on security, claiming it as the first distro to offer full support for confidential computing to protect data. From a report: According to SUSE, the latest version of its enterprise platform is designed to deliver high-performance computing capabilities, with an inevitable mention of AI/ML workloads, plus it claims to have extended its live-patching capabilities. The release also comes just weeks after the community release openSUSE Leap 15.5 was made available, with the two sharing a common core. The Reg's resident open source guru noted that Leap 15.6 has now been confirmed as under development, which implies that a future SLE 15 SP6 should also be in the pipeline.

SUSE announced the latest version at its SUSECON event in Munich, along with a new report on cloud security issues claiming that more than 88 percent of IT teams have reported at least one cloud security incident over the past year. This appears to be the justification for the claim that SLE 15 SP5 is the first Linux distro to support "the entire spectrum" of confidential computing, allowing customers to run fully encrypted virtual machines on their infrastructure to protect applications and their associated data. Confidential computing relies on hardware-based security mechanisms in the processor to provide this protection, so enterprises hoping to take advantage of this will need to ensure their servers have the necessary support, such as AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel's Trust Domain Extensions (TDX).

Open Source

'RISE' Project Building Open Source RISC-V Software Announced by Linux Foundation Europe (linuxfoundation.eu)

Linux Foundation Europe "has announced the RISC-V Software Ecosystem (RISE) Project to help facilitate more performant, commercial-ready software for the RISC-V processor architecture," reports Phoronix.

"Among the companies joining the RISE Project on their governing board are Andes, Google, Intel, Imagination Technologies, Mediatek, NVIDIA, Qualcomm, Red Hat, Rivos, Samsung, SiFive, T-Head, and Ventana."

Its top goal is to "accelerate the development of open source software for RISC-V," according to the official RISE web site. The project's chair says it "brings together leaders with a shared sense of urgency to accelerate the RISC-V software ecosystem readiness in collaboration with RISC-V International." The CEO of RISC-V International, Calista Redmond, said "We are grateful to the thousands of engineers making upstream contributions and to the organizations coming together now to invest in tools and libraries in support of the RISC-V software ecosystem." RISE Project members will contribute financially and provide engineering talent to address specific software deliverables prioritized by the RISE Technical Steering Committee (TSC). RISE is dedicated to enabling a robust software ecosystem specifically for application processors that includes software development tools, virtualization support, language runtimes, Linux distribution integration, and system firmware, working upstream first with existing open source communities in accordance with open source best practices.

"The RISE Project is dedicated to enabling RISC-V in open source tools and libraries (e.g., LLVM, GCC, etc) to speed implementation and time-to-market," said Gabriele Columbro, General Manager of Linux Foundation Europe.

Google's director of engineering on Android said Google was "excited to partner with industry leaders to drive rapid maturity of the RISC-V software ecosystem in support of Android and more."

And the VP of system software at NVIDIA said "NVIDIA's accelerated computing platform — which includes GPUs, DPUs, chiplets, interconnects and software — will support the RISC-V open standard to help drive breakthroughs in data centers, and a wide range of industries, such as automotive, healthcare and robotics."

Virtualization

QEMU 8.0 Released with More ARM and RISC-V Emulation (9to5linux.com)

There's a major new update of QEMU, the open-source machine emulator, reports 9to5Linux: Coming a year after QEMU 7.0, the QEMU 8.0 release is here to improve support for ARM and RISC-V architectures.

- For ARM, it adds emulation support for FEAT_EVT, FEAT_FGT, and AArch32 ARMv8-R, CPU emulation for Cortex-A55 and Cortex-R52, support for a new Olimex STM32 H405 machine type, as well as gdbstub support for M-profile system registers.

- For the RISC-V architecture, QEMU 8.0 brings updated machine support for OpenTitan, PolarFire, and OpenSBI, additional ISA and Extension support for smstateen, native debug icount trigger, cache-related PMU events in virtual mode, Zawrs/Svadu/T-Head/Zicond extensions, and ACPI support. Moreover, RISC-V received multiple fixes covering PMP propagation for TLB, mret exceptions, uncompressed instructions, and other emulation/virtualization improvements.

Improvements were also made for the s390x (IBM Z) platform, the HP Precision Architecture (HPPA) platform, and x86.

Microsoft

Microsoft Outlines Official Support For Windows 11 on Mac with Apple Silicon (windowscentral.com)

Microsoft has outlined how users running Apple Silicon-based Macs can utilize Windows 11 in a new support document published today. The document explains how users running Mac devices with either M1 or M2 chips can use Windows 11, either via the cloud or using a local virtualization such as Parallels Desktop. From a report: Unfortunately, the document makes no mention of installing Windows 11 natively on Apple Silicon hardware. Apple's legacy Bootcamp application, which previously allowed Mac users to install Windows into its own bootable partition on a Mac, was removed when Apple transitioned to ARM processors. As of now, Microsoft points to Windows 365 as a potential solution for running Windows 11 on a Mac, using its enterprise service to stream a Windows 11 PC from the cloud. [...] For those users, Microsoft also mentions Parallels Desktop as a viable alternative. Version 18 of Parallels Desktop is now officially authorized to run Windows 11 on ARM on a Mac with M1 or M2 processors. This is the only way to officially run Windows 11 on ARM locally on a Mac with Apple Silicon.

Google

Think Twice Before Using Google To Download Software, Researchers Warn (arstechnica.com)

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries. Ars Technica reports: "Threat researchers are used to seeing a moderate flow of malvertising via Google Ads," volunteers at Spamhaus wrote on Thursday. "However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not 'the norm.'"

The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.

On the same day that Spamhaus published its report, researchers from security firm Sentinel One documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts' data and other sensitive information from infected devices. The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap.

"Until Google devises new defenses, the decoy domains and other obfuscation techniques remain an effective way to conceal the true control servers used in the rampant MalVirt and other malvertising campaigns," concludes Ars. "It's clear at the moment that malvertisers have gained the upper hand over Google's considerable might."

Android

Google Reports Decline In Android Memory Safety Vulnerabilities As Rust Usage Grows (9to5google.com)

Last year, Google announced Android Open Source Project (AOSP) support for Rust, and today the company provided an update, while highlighting the decline in memory safety vulnerabilities. 9to5Google reports: Google says the "number of memory safety vulnerabilities have dropped considerably over the past few years/releases." Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android's total vulnerabilities versus 76% four years ago. In fact, "2022 is the first year where memory safety vulnerabilities do not represent a majority of Android's vulnerabilities."

That count is for "vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally." During that period, the amount of new memory-unsafe code entering Android has decreased: "Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language."

Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android's Virtualization framework (AVF), and "various other components and their open source dependencies." Google considers it significant that there have been "zero memory safety vulnerabilities discovered in Android's Rust code" so far across Android 12 and 13.

Google's blog post today also talks about non-memory-safety vulnerabilities, and its future plans: "... We're implementing userspace HALs in Rust. We're adding support for Rust in Trusted Applications. We've migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we're excited to bring memory-safety to the kernel, starting with kernel drivers."

United Kingdom

Broadcom's Proposed $61 Billion VMware Acquisition Scrutinized by UK Regulators (techcrunch.com)

The U.K.'s Competition and Markets Authority (CMA) is initiating an investigation into Broadcom's proposed $61 billion deal to buy virtualization software giant VMware. From a report: The news comes shortly after news emerged that the European Commission (EC) was also proceeding with an investigation into what would be one of the biggest tech acquisitions of all time. In the companies' domestic U.S. market, meanwhile, the Federal Trade Commission (FTC) last month progressed its investigation into a deeper second review phase, which means that the FTC saw enough during its initial analysis to warrant a more extensive look. The crux of the deal is chip giant Broadcom seeking to diversify by expanding deeper into the enterprise infrastructure software fray. While VMware's shareholders greenlighted the proposal a couple of weeks back, a deal of this size was always going to garner regulatory scrutiny, so there is little surprise that we're seeing multiple authorities look into the deal. Broadcom had previously stated that it hoped to close the deal by October, 2023, so it was aware that this was going to be a long journey.

Desktops (Apple)

VMware Fusion 13 Now Available With Native Support For Apple Silicon Macs (macrumors.com)

VMware today announced the launch of Fusion 13, the latest major update to the Fusion virtualization software. MacRumors reports: For those unfamiliar with Fusion, it is designed to allow Mac users to operate virtual machines to run non-macOS operating systems like Windows 11. Fusion 13 Pro and Fusion 13 Player are compatible with both Intel Macs and Apple silicon Macs equipped with M-series chips, offering native support. VMware has been testing Apple silicon support for several months now ahead of the launch of the latest version of Fusion.

With Fusion 13, Intel and Apple silicon Mac users can access Windows 11 virtual machines. Intel Macs offer full support for Windows 11, while on Apple silicon, VMware says there is a first round of features for Windows 11 on Arm. Users who need to run traditional win32 and x64 apps can do so through built-in emulation. Fusion 13 also includes a TPM 2.0 virtual device that can be added to any VM, storing its contents in an encrypted section of the virtual machine files and offering functional parity with a hardware TPM. To support this feature, Fusion 13 uses a fast encryption type that encrypts only the parts of the VM necessary to support the TPM device, balancing performance and security. The software supports OpenGL 4.3 in Windows and Linux VMs on Intel and in Linux VMs on Apple silicon.

Windows

Windows 95 Went the Extra Mile To Ensure Compatibility of SimCity, Other Games (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: It's still possible to learn a lot of interesting things about old operating systems. Sometimes, those things are already documented (in a blog post that miraculously still exists). One such quirk showed up recently when someone noticed how Microsoft made sure that SimCity and other popular apps worked on Windows 95. A recent tweet by @Kalyoshika highlights an excerpt from a blog post by Fog Creek Software co-founder, Stack Overflow co-creator, and longtime software blogger Joel Spolsky. The larger post is about chicken-and-egg OS/software appeal and demand. The part that caught the eye of a Hardcore Gaming 101 podcast co-host is how the Windows 3.1 version of SimCity worked on the Windows 95 system. Windows 95 merged MS-DOS and Windows apps, upgraded APIs from 16 to 32-bit, and was hyper-marketed. A popular app like SimCity, which sold more than 5 million copies, needed to work without a hitch.

Spolsky's post summarizes how SimCity became Windows 95-ready, as he heard it, without input from Maxis or user workarounds: "Jon Ross, who wrote the original version of SimCity for Windows 3.x, told me that he accidentally left a bug in SimCity where he read memory that he had just freed. Yep. It worked fine on Windows 3.x, because the memory never went anywhere. Here's the amazing part: On beta versions of Windows 95, SimCity wasn't working in testing. Microsoft tracked down the bug and added specific code to Windows 95 that looks for SimCity. If it finds SimCity running, it runs the memory allocator in a special mode that doesn't free memory right away. That's the kind of obsession with backward compatibility that made people willing to upgrade to Windows 95."

Spolsky (in 2000) considers this a credit to Microsoft and an example of how to break the chicken-and-egg problem: "provide a backwards compatibility mode which either delivers a truckload of chickens, or a truckload of eggs, depending on how you look at it, and sit back and rake in the bucks." Windows developers may have deserved some sit-back time, seeing the extent of the tweaks they often have to make for individual games and apps in Windows 95. Further in @Kalyoshika's replies, you can find another example, pulled from the Compatibility Administrator in Windows' Assessment and Deployment Kit (ADK). A screenshot from @code_and_beer shows how Windows NT, upon detecting files typically installed with Final Fantasy VII, will implement a fittingly titled compatibility fix: "Win95VersionLie." Simply telling the game that it's on Windows 95 seems to fix a major issue with its operation, along with a few other emulation and virtualization tweaks.

"Mike Perry, former creative director at Sim empire Maxis (and later EA), noted later that there was, technically, a 32-bit Windows 95 version of Sim City available, as shown by the 'Deluxe Edition' bundle of the game," adds Ars. "He also states that Ross worked for Microsoft after leaving Maxis, which would further explain why Microsoft was so keen to ensure people could keep building parks in the perfect grid position to improve resident happiness."

Businesses

Citrix-Tibco Close $17 Billion Deal, Uniting Virtualization and Enterprise Apps Vendors (crn.com)

Virtualization and cloud products vendor Citrix and enterprise applications vendor Tibco Software have completed their merger, valued at $16.5 billion, with new leadership calling the combined company "a new global leader in enterprise software." CRN reports: The two companies announced the deal's completion in a statement Friday. Tom Krause, who left Broadcom after the chip giant's announced acquisition of VMware to become CEO of the combined Citrix and Palo Alto, Calif.-based Tibco, called the combined company "a new global leader in enterprise software" in the statement.

"We are excited to create a new global leader in enterprise software, designed for scale and growth, through the combination of Citrix and TIBCO," Krause said. "The platform we have built will expand and deepen our relationships with our valued customers and partners, drive the future of mission-critical cloud software solutions and create long-term value for all our stakeholders." With the completion of the Citrix-Tibco deal, Krause revealed on LinkedIn that he is now CEO of Cloud Software Group (CSG), the owner of Citrix and Tibco.

Security

Mystery Hackers Are 'Hyperjacking' Targets for Insidious Spying (wired.com)

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice. From a report: For decades, virtualization software has offered a way to vastly multiply computers' efficiency, hosting entire collections of computers as "virtual machines" on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical "hyperjacking" and "Blue Pill" attacks, where hackers hijack virtualization to spy on and manipulate virtual machines, with potentially no way for a targeted computer to detect the intrusion. That insidious spying has finally jumped from research papers to reality with warnings that one mysterious team of hackers has carried out a spree of "hyperjacking" attacks in the wild.

Today, Google-owned security firm Mandiant and virtualization firm VMware jointly published warnings that a sophisticated hacker group has been installing backdoors in VMware's virtualization software on multiple targets' networks as part of an apparent espionage campaign. By planting their own code in victims' so-called hypervisors -- VMware software that runs on a physical computer to manage all the virtual machines it hosts -- the hackers were able to invisibly watch and run commands on the computers those hypervisors oversee. And because the malicious code targets the hypervisor on the physical machine rather than the victim's virtual machines, the hackers' trick multiplies their access and evades nearly all traditional security measures designed to monitor those target machines for signs of foul play.

"The idea that you can compromise one machine and from there have the ability to control virtual machines en masse is huge," says Mandiant consultant Alex Marvi. And even closely watching the processes of a target virtual machine, he says, an observer would in many cases see only "side effects" of the intrusion, given that the malware carrying out that spying had infected a part of the system entirely outside its operating system. Mandiant discovered the hackers earlier this year and brought their techniques to VMware's attention. Researchers say they've seen the group carry out their virtualization hacking -- a technique historically dubbed hyperjacking in a reference to "hypervisor hijacking" -- in fewer than 10 victims' networks across North America and Asia. Mandiant notes that the hackers, which haven't been identified as any known group, appear to be tied to China.

Security

Retbleed Fix Slugs Linux VM Performance By Up To 70 Percent (theregister.com)

VMware engineers have tested the Linux kernel's fix for the Retbleed speculative execution bug, and report it can impact compute performance by a whopping 70 percent. The Register reports: In a post to the Linux Kernel Mailing List titled "Performance Regression in Linux Kernel 5.19", VMware performance engineering staffer Manikandan Jagatheesan reports the virtualization giant's internal testing found that running Linux VMs on the ESXi hypervisor using version 5.19 of the Linux kernel saw compute performance dip by up to 70 percent when using a single vCPU, networking fall by 30 percent and storage performance dip by up to 13 percent. Jagatheesan said VMware's testers turned off the Retbleed remediation in version 5.19 of the kernel and ESXi performance returned to levels experienced under version 5.18.

Because speculative execution exists to speed processing, it is no surprise that disabling it impacts performance. A 70 percent decrease in computing performance will, however, have a major impact on application performance that could lead to unacceptable delays for some business processes. VMware's tests were run on Intel Skylake CPUs -- silicon released between 2015 and 2017 that will still be present in many server fleets. Subsequent CPUs addressed the underlying issues that allowed Retbleed and other Spectre-like attacks.

Desktops (Apple)

Linux Distro For Apple Silicon Macs Is Already Up and Running On the Brand-New M2 (arstechnica.com) 129

An anonymous reader quotes a report from Ars Technica: Unlike Intel Macs, Apple silicon Macs were designed to run only Apple's software. But the developers on the Asahi Linux team have been working to change that, painstakingly reverse-engineering support for Apple's processors and other Mac hardware and releasing it as a work-in-progress distro that can actually boot up and run on bare metal, no virtualization required. The Asahi Linux team put out a new release today with plenty of additions and improvements. Most notably, the distro now supports the M1 Ultra and the Mac Studio and has added preliminary support for the M2 MacBook Pro (which has been tested firsthand by the team) and the M2 MacBook Air (which hasn't been tested but ought to work). Preliminary Bluetooth support for all Apple silicon Macs has also been added, though the team notes that it works poorly when connected to a 2.4GHz Wi-Fi network because "Wi-Fi/Bluetooth coexistence isn't properly configured yet."

There are still many other things that aren't working properly, including the USB-A ports on the Studio, faster-than-USB-2.0 speeds from any Type-C/Thunderbolt ports, and GPU acceleration, but progress is being made on all of those fronts. GPU work in particular is coming along, with a "prototype driver" that is "good enough to run real graphics applications and benchmarks" already up and running, though it's not included in this release. The Asahi team has said in the past that it expects support for new chips to be relatively easy to add to Asahi since Apple's chip designers frequently reuse things and don't make extensive hardware changes unless there's a good reason for it. Adding basic support for the M2 to Asahi happened over the course of a single 12-hour development session, and just "a few days" of additional effort were needed to get the rest of the hardware working as well as it does with M1-based Macs.

OS X

Apple Will Allow Linux VMs To Run Intel Apps With Rosetta In macOS Ventura (arstechnica.com) 35

An anonymous reader quotes a report from Ars Technica: One of the few things that Intel Macs can do that Apple Silicon Macs can't is run operating systems written for Intel or AMD processors inside of virtual machines. Most notably, this has meant that there is currently no legal way to run Windows on an Apple Silicon Mac. Apple Silicon Macs can, however, run operating systems written for Arm processors inside of virtual machines, including other versions of macOS and Arm-compatible versions of Linux. And those Linux VMs are getting a new feature in macOS Ventura: the ability to run apps written for x86 processors using Rosetta, the same binary translation technology that allows Apple Silicon Macs to run apps written for Intel Macs.

Apple's documentation will walk you through the requirements for using Rosetta within a Linux guest operating system -- it requires creating a shared directory that both macOS and Linux can access and running some terminal commands in Linux to get it set up. But once you do those steps, you'll be able to enjoy the wider app compatibility that comes with being able to run x86 code as well as Arm code. Some developers, including Hector Martin of the Asahi Linux project and Twitter user @never_released, have already found that these steps can also enable Rosetta on non-Apple ARM CPUs as long as they're modern enough to support at least version 8.2 of the Arm instruction set. As Martin points out, this isn't strictly legal because of macOS's licensing restrictions, and there are some relatively minor Apple-specific hardware features needed to unlock Rosetta's full capabilities.
