What is he like - a harsh and merciless Russian computer?
At the end of 2015, Izhevsk Radio Plant created a worldwide sensation, surprising engineers not only from Apple and Microsoft, but also the domestic audience with its first-born. The name was given to the computer Elbrus 401.
The company plans to produce Russian Elbrus-401 computers in 2016, but the number of orders has not yet been specified.
Russian computer "Elbrus-401".
The Elbrus computer is based on the Elbrus-4C microprocessor with a frequency of 800 MHz. The Russian new product contains 24 GB of operating memory, which can be expanded up to 96 GB, as well as a 1 TB hard drive. The video card is really not domestic, but it is impressive - AMD Radeon 6000 series.
Operating system.
The computer runs the Elbrus operating system, based on the Linux kernel. Elbrus OS supports a whole list of open source applications: text editor AbiWord similar to MS WORD, spreadsheet editor Gnumeric as a replacement for Excel, Mozilla Firefox browser. Of course, this is only part of the programs initially installed on the computer.
At the user's request, it is possible to install other operating systems that can be run on Intel x86/x86-64. First of all, these are other versions of Linux and Windows OS.
Price.
The cost of the first batch of Elbrus computers for legal entities is 400,000 rubles. The MCST company has not yet specified how much the next batch of computers will cost.
Do you think domestic PC users will switch to Elbrus computers? Will they be popular in the market?
The Elbrus platform is an original Russian development, created by MCST specialists. operating system was created based on Linux. The main advantage of the platform is the built-in set of information protection tools from unauthorized access, which ensures high level safety when working as part of automated systems.
MasterSCADA for the Elbrus platform is the ability to implement a modern and productive automated control system on Elbrus 2000 and Elbrus-90micro processors. The system has an open interface with the ability to change and add basic elements. MasterSCADA control is logical and intuitive, and with the help of pop-up tips, it has become even easier to configure the system.
On the website you can order a licensed product for the Elbrus OS. The license module delivery set includes a distribution disk, a USB protection key, the text of the license agreement, a warranty, a coupon for the provision of technical support and a set of accounting documents. The site also offers the opportunity to purchase SCADA for other operating systems.
BOOT started. BOOT E2S VERSION: release-2.13.3.0-E2S::::::: (/tags/release-2.13.3.0-E2S at revision 3816) BUILT BY neo TARGET: mono ON Nov 2 2015 AT 18:05:37 COMPILER : lcc:1.17.12:Nov-27-2012:e2k-linux.cross:i386-linux Thread model: posix gcc version 3.4.6 compatible. FLAGS: -DDEBUG_TEST_BOOTBLOCK ........ -DRELEASE ........
By pressing the Spacebar when the corresponding prompt appears (45 seconds after power is applied), you can interrupt the automatic loading of the system kernel and get to the main commands menu, where the basic bootloader parameters are shown or changed. By pressing the Tilde key, you can go from this menu to the interface command line, where fine-tuning of the equipment is available - from setting the date and time of day to setting the operating modes of peripheral controllers and the system bus. Although there is an option in the menu to force save settings, changes from the command line are saved automatically; as a last resort, the settings can be reset using a jumper on the motherboard.
Log of work in the system menu(entirely on Pastebin)
BOOT SETUP Press command letter, or press "h" to get help:h HELP "p" or "s" - load and Start file "c" - Change boot parameters "u" - show cUrrent parameters "d" - show Disks and partitions "m" - save params to NVRAM "b" - start Boot.conf menu "`", "~" - enter enhanced cmd mode:` ENHANCED CMD MODE Enter command, "help" to get help, or Esc to exit # set vga primary 1 core: 0x0, link: 0x0, bus: 0x3, slot: 0x0, func: 0x0, ven: 0x1002, dev: 0x6779, rev: 0x0, classcode: 0x30000 is selected! # boot boot# auto CPU#00: Label "auto" found, loading parameters Trying to load and start image with the following parameters: drive_number: "4" partition_number: "0" command_string: "console=tty0 root=/dev/sda3 . ......." filename: "/boot/image-033.6.57" initrdfilename: "" CPU#00: Reading: File - "/boot/image-033.6.57", Drive - 4, Partition - 0 ........
Among other things, noteworthy is the ability to activate and deactivate the Echelon-E trusted boot hardware-software module, although no board resembling traditional APMDS is installed in the computer. It was not possible to find clear information about such a device, with the exception of one note where it was stated that this is a specialized version of the MDZ-Echelon product, which is a completely software development and uses standard computer hardware.
Directly from the command line, without loading the operating system, you can run tests for the correct functioning of the equipment (System of test and diagnostic programs) - either those that are stored on disk and available for launch from the operating system, or some others: I couldn’t figure it out , because you need to specify the exact name of the executable file, and there is no documentation.
For the same reason - due to the lack of proper documentation - it was not possible to delve into the intricacies of managing the operating system bootloader, or more precisely, how to load something other than the standard system. After all, the same bootloader (SILO) is used here as on computers of the SPARC architecture - and there it is not supposed to work with a foreign set of instructions. The boot parameters themselves are intuitive: you need to specify the partition number and file name with the system kernel, as well as the kernel launch arguments, the name of the file with the archive of auxiliary programs ( initrd, if necessary), timeout waiting for user cancellation. These parameters are read from the file /boot/boot.conf in the first disk partition specified from the command line; several sets of parameters can be defined in the file; by default, the one specified in the directive is used default, or which is given the name “ auto" But what needs to be done to run operating systems for the x86 or x86‑64 architecture, the transparent support of which is stated as one of the key features of Elbrus? Missing file boot.conf on installation disk Windows or the popular Linux distribution can be compensated for by manual entry through the menu. How to transfer control to a new bootloader that is not the Linux kernel? How to run at least the Linux kernel if it is for x86? It was impossible to figure this out without documentation: the matter invariably ended in a freeze at the moment control passed from the bootloader to the kernel.
Standard bootloader configuration (boot.conf)
Default=auto timeout=3 label=auto partition=0 image=/boot/image-033.6.57 cmdline=console=tty0 console=ttyS0,115200 consoleblank=0 hardreset REBOOT root=/dev/sda3 video=DVI-D-1 :1024x768-24@60 video=VGA-1:1024x768-24@60 fbcon=map:10
As for the standard kernels of the Elbrus operating system, the bootloader configuration file contains only one set of parameters, and they point to the default kernel. In addition to it, there are two kernels - with the suffixes " nn" And " rt": judging by the assembly configuration of these kernels, the first means “no NUMA” (a simplified version for single-processor systems; why not use it on a personal computer?), and the second means “real time” (Linux kernel extensions for dispatching tasks with a limitation by execution time). Without even superficial knowledge in these areas, the author finds it difficult to give any comments about the advantages or disadvantages of this or that alternative kernel.
Regarding PPS and PTP support
The only familiar configuration option is to enable PPS API (pulse per second) support in the kernel." rt", which allows you to adjust the course of the computer's system clock according to an external clock pulse, for example, from a GPS / GLONASS receiver or from a cesium clock, if you happen to have one lying around. It’s just not clear how exactly to set up this synchronization: unlike FreeBSD, for example, where everything starts working as if by itself after rebuilding the kernel with the required parameter and reconfiguring NTPd to use the system discipline, in Linux it usually requires dancing with a tambourine around the utility ldattach, which creates a virtual PPS device based on a COM or LPT port - this requires appropriate drivers in the kernel or in separate modules, but they are not visible here.
Built-in LAN card also showed no signs of hardware support for time synchronization: utility output ethtool regarding the PTP protocol indicated the absence of such functions. In any case, - that when using the default kernel, which is real time, the only source of system time is the device " lt"("Elbrus timer"?) with a resolution of 1 μs. Not that this is too rough, but modern computers are quite capable of providing quantization at the level of 25–50 ns, regardless of the current processor frequency.
By default, the operating system starts along with the graphical environment: it takes 12 seconds to load the kernel into memory and about 23 more before the login prompt appears - a total of 80 seconds from the moment it is turned on. As already mentioned, we were unable to select kernel arguments to run in single-user mode: when specifying “ S" or " 1 » the system still reached level 5, and attempts to lower the level after that using the command init led to the collapse of the system.
Since the computer has two video adapters, virtual terminals are distributed between them in turn: the first terminal opens on a discrete card, the second - on the built-in controller, the third - again on a discrete one, and so on. The graphic desktop, located on the seventh terminal, thus ends up on a discrete video card, the performance of which does not raise any questions. I really wanted to check how responsive the desktop would be if I displayed it through the built-in controller, because domestic platforms have problems with this: for example, a simple screen redraw using the Graphics Adapter Module (MCST’s own development) can take several seconds - not just slow , but almost like the line-by-line appearance of the screensaver in games for the ZX Spectrum, loaded from a tape cassette. Alas, no edit Xorg.conf in an image and likeness, neither the selection of kernel arguments, nor the change of the primary video adapter in the hardware settings gave the desired effect.
A curious nuance
While the primary screen on a discrete graphics card is initialized in text mode, the same screen on an embedded controller is initialized in graphics mode and shows 4 CPU logos (as some Linux kernels do right after they start), but still only uses the top 25 lines of text.
By default, the kernel is started with the argument " hardreset", which instructs the system to perform a complete hard reset when restarting the computer. In the x86 world, everyone is used to this option, but alternative platforms, where cold initialization after power-up takes several minutes, can offer a quick restart of the operating system - and it actually works, unlike the "lottery" with kexec from Intel/AMD. We were unable to find an argument that would be supported by the core of the Elbrus system and at the same time give desired result.
Software
The Elbrus operating system (OS El, OSL) is standard for all MCST computers, although the MSVS 3.0 system port can also function on the SPARC platform. Official system identification of software products goes back to their decimal numbers: for example, “OS 316‑10” stands for “operating system TVGI.00316‑10 with kernel TVGI.00315‑03, part of the general software TVGI.00311‑05.” On the one hand, it looks more like alphanumeric titles than by serial numbers versions. On the other hand, a particular software product is usually closely related to a specific hardware product, and does not undergo significant changes during its life. However, in the file /etc/mcst_version you can see the tag “release 2.2.1”, and in the pseudo-file /proc/bootdata- “release 2.13.3.0”. However, none of these symbols appear in the user interface.$ cat /etc/mcst_version release 2.2.1 $ cat /proc/bootdata boot_ver=" release-2.13.3.0-E2S::::::: (/tags/release-2.13.3.0-E2S at revision 3816) built on Nov 2 2015 at 18:05:58" mb_type="MONOCUB" chipset_type="IOHUB" cpu_type="E2S" cache_lines_damaged=0 $ cat /proc/version Linux version 2.6.33-elbrus.033.6.57 (gavrilova_tg@e2k13) (gcc version 4.4.0 compatible) #1 SMP Sun Oct 11 00:10:58 MSK 2015 $ uname -a Linux MONOCUB-10-XX 2.6.33-elbrus.033.6.57 #1 SMP Sun Oct 11 00:10: 58 MSK 2015 e2k E2S MONOCUB GNU/Linux
The core of the system is Linux 2.6.33, ported to the Elbrus-2000 (E2K) architecture, and in general the system is based on the Debian distribution with a selective approach to the selection of packages: for the most part, there is compliance with the 7.0 “Wheezy” release or newer, however The versions of some packages are rather closer to 5.0 "Lenny". According to a recent report (PDF, 172 KB), research is also being carried out to directly port the original distribution with all its variety of packages, but the same “Grandfather Lenin” is chosen as the basis. And all because it is necessary to ensure backward compatibility with application and system software developed for even older versions of libraries and compilers. But why not then release several versions of the system - on an older and a newer package base - so that the consumer can choose for himself? Probably because there is not enough demand from the target audience, and certification problems probably play an important role.
Once installed system is not subject to regular updating from the official repository of the MCST company and immediately contains all available packages. Here are the versions of some of the most significant (with the exception of development tools discussed in the next part of the article):
- office tools: abiword 2.8.6, evince 2.32.0, geeqie 1.1, gimp 2.6.12, gnumeric 1.10.0, graphviz 2.32.0, mtpaint 3.40, xsane 0.998;
- Internet tools: dillo 3.0.3, firefox 3.6.28, links 2.2, linphone 3.5.2, lynx 3.81, thunderbird 3.1.20, sylpheed 2.7.0;
- cryptography: gnutls 3.1.22, openssl 0.9.8zc, openvpn 2.2.2;
- multimedia: ffmpeg 1.0, mplayer 1.1.1;
- text editors: ed 1.7, leafpad 0.8.17, vim 7.3 + gvim 7.3;
- file managers: mc 4.7.0.8, thunar 1.4.0;
- command interpreters: bash 4.2.53, pdksh 5.2.14, tcsh 6.18.01, zsh 5.0.2;
- services: openssh 6.1p1, httpd 2.4.3, postgresql 9.2.3 + slony1 2.2.0, zeromq 2.1.11;
- package managers: apt 0.9.7.9, aptitude 0.6.8.2, dpkg 1.16.10, pkgtools 13.1.
The only graphical desktop environment is Xfce 4.10. Surprisingly, in the domestic operating system, newly created user profiles are set to the English interface language by default, and in the program menu there are no shortcuts for setting up switching keyboard layouts, and the current layout indicator is also nowhere to be seen. However, experienced users know that domestic Linux-based operating systems usually try to copy the “best” traditions of Windows: working as root and switching layouts using Alt+Shift.
Xfce desktop (approximate view)
Update dated 02/09/2016. The comments suggest that the function of taking screenshots is in the GIMP graphics editor - a fair remark, but for this you need to be an experienced user of this program; the author, although he processed all the illustrations for this article in GIMP, is not one of those experts. As for taking screenshots using command line utilities, either standardly available or built independently, this method was not considered due to its low friendliness to the average user.
As already mentioned, we were unable to launch any third-party operating system compiled for the x86 or x86‑64 architecture due to lack of documentation. Attempts to launch a custom application compiled for Linux x86‑64 directly from the Elbrus command line were also unsuccessful. There is no WinAPI emulation layer or tools for launching PE binaries in the system, and in order to build WinE yourself from source code, you need to port architecture-dependent sections of code. The Qemu emulator is also not included in the standard package, but it is more or less successfully assembled (with parameters ‑‑enable-tcg-interpreter ‑‑disable-werror) and it even seems to work in variants i386-softmmu, x86_64-softmmu, sparc-softmmu, sparc64-softmmu; porting is however required for "application" variants *-linux-user. Obviously, the creators of the Elbrus binary translation technology did not have this in mind at all when they talked about x86 hardware emulation, so we saw no point in testing the performance of Qemu - and it is so clear that it would be slow and sad.
Returning to the topic of standard software, we would venture to suggest that a typical user of this system is unlikely to feel deprived, since he will either have to solve problems in specialized third-party programs, or create simple documents in office packages, scan and print, and For this, few people need the latest versions. The only exception here, perhaps, is the web browser: the simplest Dillo and text Lynx / Links do not pretend to be anything, but Firefox 3.6 is, although not 1.5 from WSWS 3.0, but still hopelessly old for modern sites. This version is not supported, for example, by Yandex and Google maps (unlike OSM and Bing), Google Docs; you will only see the header of the Intel, Mail.ru and Sberbank websites. And, of course, in the absence of built-in support for HTML Video and the Flash plugin, you will not be able to watch videos on any site, be it foreign YouTube with a report on the launch of Doom 3 on the Elbrus 401‑PC or the ideologically faithful Kremlin.ru with speeches by the Supreme commander-in-chief. Apparently, this is also not considered a disadvantage, since the typical scenario for using such computers is access to internal, specially designed sites in a closed network of an enterprise or department.
Attempts to access the Internet(the word “Namoroka” in the screenshots is not another rebranding of Firefox for Debian, but just a codename for version 3.6) 
But a software update serves not only to expand functionality, but also eliminates serious errors and vulnerabilities - what to do with this? Apparently, information security ideologists believe that since there is no external access to a private network, and internal users who have physical access to their computers will not deliberately take malicious actions or connect dubious storage media through negligence, then there is nothing to worry about. As a last resort, if some bug really worries you and you want to talk about it, MCST has its own bugzilla with a login and tickets, in the sense that without the login given to you you will not get there, and you will only see tickets your own, even if the problem has already been discussed a thousand times with other clients and a solution has long been found.
The need to accelerate the development of the domestic software market, ensure maximum independence from foreign developments in the field of high technology and preserve information sovereignty was first discussed at the highest level in 2014, when US and EU sanctions sharply increased the risks associated with the use of foreign software in business and government organizations . It was then that the Ministry of Telecom and Mass Communications of the Russian Federation became seriously concerned about solving this strategically significant, in the opinion of officials, issue, along with stimulating demand for national products and developing appropriate measures to support domestic developers. As a result - in as soon as possible At the legislative level, restrictions were approved on the admission of foreign software in state and municipal procurement, as well as rules for the formation and maintenance of a unified register of Russian programs. All this had a positive impact on the software market in Russia, which Lately has been replenished with many interesting projects and developments. Including in the field of operating systems.
"Alt Linux SPT" is a unified Linux-based distribution for servers, workstations and thin clients with built-in information security software, which can be used to build automated systems up to class 1B inclusive and personal data information systems (PDIS) up to class 1K inclusive. The OS allows you to simultaneously store and process confidential data on one personal computer or server, provide multi-user work with restricted access to information, work with virtual machines, and also use centralized authorization tools. The certificate issued by FSTEC of Russia confirms the product’s compliance with the requirements of the following governing documents: “Computer equipment. Protection against unauthorized access to information. Indicators of security against unauthorized access to information" - according to security class 4; "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of absence of undeclared capabilities” - according to the 3rd level of control and technical conditions. Technical support for Alt Linux SPT users is provided by the Free Software and Technologies company through its partner developer Basalt SPO.
⇡
Developer: Basalt SPO company
The Viola platform is a set of enterprise-level Linux distributions that allow you to deploy corporate IT infrastructure of any scale. The platform includes three distributions. This is a universal “Viola Workstation”, which includes an operating system and a set of applications for full-fledged work. The second is the server distribution "Alt Server", which can act as an Active Directory domain controller and contains the most complete set of services and environments for creating a corporate infrastructure (DBMS, mail and web server, authentication tools, work group, virtual machine management and monitoring, and others tools). The third is “Alt Education 8”, focused on everyday use in planning, organizing and conducting the educational process in general, secondary and higher education. In addition, the Basalt SPO product series includes the above-mentioned certified Alt Linux SPT distribution kit and the Simply Linux operating system for home users.
⇡
Developer: National Center for Informatization (part of the Rostec state corporation)
A Russian project to create an ecosystem of software products based on the Linux distribution, designed for complex automation of workplaces and IT infrastructure of organizations and enterprises, including in data centers, on servers and client workstations. The platform is presented in the “OS.Office” and “OS.Server” versions. They differ in the sets of application software included in the distribution kit. The office edition of the product contains the operating system itself, information security tools, a package of programs for working with documents, an email client and a browser. The server version includes an operating system, information security tools, monitoring and system management tools, an email server and a DBMS. Potential users of the platform include federal and regional bodies authorities, local governments, companies with state participation and state corporations. It is expected that the OSi-based ecosystem will in the near future become a full-fledged alternative to Western analogues.
Development of the research and production association "RusBITech", presented in two versions: Astra Linux Common Edition (general purpose) and Astra Linux Special Edition (special purpose). Peculiarities latest version OS: developed means of ensuring information security of processed data, a mechanism for mandatory access control and control of the closedness of the software environment, built-in tools for marking documents, recording events, monitoring data integrity, as well as other components ensuring information protection. According to the developers, Astra Linux Special Edition is the only software platform certified simultaneously in the information security certification systems of the FSTEC of Russia, the FSB, the Ministry of Defense of the Russian Federation and allows processing in automated means of all ministries, departments and other institutions Russian Federation restricted access information containing information constituting a state secret and classified no higher than “top secret”.
⇡ ROSALinux
Developer: LLC "NTC IT ROSA"
The ROSA Linux operating system family includes an impressive set of solutions designed for home use (ROSA Fresh version) and use in a corporate environment (ROSA Enterprise Desktop), deployment of infrastructure IT services of an organization (ROSA Enterprise Linux Server), processing of confidential information and personal data ( ROSA "Cobalt"), as well as information constituting a state secret (ROSA "Chrome" and "Nickel"). The listed products are based on the developments of Red Hat Enterprise Linux, Mandriva and CentOS with the inclusion large quantity additional components - including original ones created by programmers of the scientific and technical center for information technologies "ROSA". In particular, OS distributions for the corporate market segment include virtualization tools, software for organizing backups, tools for building private clouds, as well as centralized management of network resources and data storage systems.
⇡
Developer: Calculate company
Calculate Linux is available in Desktop, Directory Server, Scratch, and Scratch Server editions and is designed with home users and SMBs in mind who prefer to use open source software instead of proprietary solutions. Platform features: full-fledged operation in heterogeneous networks, a mechanism for roaming user profiles, tools for centralized software deployment, ease of administration, the ability to install on portable USB drives and support for binary repositories of Gentoo updates. It is important that the development team is accessible and open to any comments, suggestions and wishes of the user audience, as evidenced by the huge number of ways to get involved in the Calculate Linux community and platform development.
⇡ "Ulyanovsk.BSD »
Developer: Sergey Volkov
An operating system that is built on the freely distributed FreeBSD platform and contains the necessary set application programs for home users and office tasks. According to the only OS developer Sergei Volkov, Ulyanovsk.BSD is fully adapted to the needs of Russian-speaking users. “Our assembly is as lightweight as possible and is ideal for use both on home computers and on workstations of employees of various organizations, as well as for use in educational institutions,” says the author of the project, without going into details of how exactly the product he compiled differs from the original. The credibility of the project is added not only by the presence of a commercially distributed distribution and paid technical support, but also by an entry in the Russian software registry. This means that the Ulyanovsk.BSD software platform can be legally used by government organizations as part of projects to introduce import-substituting technologies.
A certified and secure operating system that allows you to process information in accordance with Federal Law No. 152 “On Personal Data” and implement systems for processing restricted access information that is not related to state secrets. ICLinux includes remote administration tools, has a built-in firewall certified for compliance with the RD ME for security class 3, supports RDP, X-Windows System, SSH, Telnet, VNC, VPN, NX, ICA and other protocols. The platform’s assets also include compatibility with the authentication tools of the Aladdin R.D. company. and a modular architecture that allows you to flexibly customize the operating system to suit customer requirements.
⇡ "Alpha OS" (Alfa OS)
Developer: ALFA Vision company
Another Linux clone, equipped with a user interface a la macOS with a set of familiar office applications and filled with deep philosophical meaning. No joke, on the developer’s website in the “About the Company” section, it says: “ The operating system is a special phenomenon, a point at which technological, aesthetic and humanitarian concepts converge. A peak that is visible from all sides. For it to shine and become what it should be, a wide variety of meaningful experiences are needed. And we have it" There is so much expression in these words, what a presentation of information! Agree, not everyone can present their product to a wide audience so expressively. Currently, Alpha OS is presented as a desktop version for x86-compatible systems. In the future, ALFA Vision intends to roll out mobile and server editions of the OS to the market, as well as a distribution kit for devices based on ARM processors.
A software platform developed specifically for computing systems with SPARC and Elbrus architecture. A special feature of the system is the radically redesigned Linux kernel, which has implemented special mechanisms for managing processes, virtual memory, interrupts, signals, synchronization, and support for tagged calculations. " We have done fundamental work to transform the Linux OS into an operating system that supports real-time operation, for which relevant optimizations have been implemented in the kernel. During real-time work, you can set various modes for processing external interrupts, scheduling calculations, exchanges with disk drives, and some others", explains the MCST company. In addition, a set of tools for protecting information from unauthorized access is built into the core of the Elbrus software platform, which allows you to use the OS to build automated systems that meet the highest information security requirements. The system also includes archiving, task scheduling, software development and other tools.
⇡ "EdOS"
An operating system based on the Linux kernel, designed to ensure the security of processed data. "Red OS" complies with domestic information security requirements, has pre-configured configurations for each hardware architecture, uses GOST 34.11-2012 algorithms in the ssh and NX protocols, and also supports access control lists. In addition, the OS supports network authentication using plug-in authentication modules (PAM, Pluggable Authentication Modules) and includes a specialized distributed audit subsystem that allows you to monitor critical security events in the corporate network and provides the IT administrator with the necessary tools for prompt response to incidents IB.
⇡ GosLinux (“GosLinux”)
Developer: Red Soft company
GosLinux OS was created specifically for the needs of the Federal Bailiff Service of the Russian Federation (FSSP of Russia) and is suitable for use in all government bodies, state extra-budgetary funds and local governments. The platform is built on the CentOS 6.4 distribution, which includes developments from Red Hat Enterprise Linux. The system is presented in two editions - for servers and workstations, contains a simplified graphical interface and a set of pre-configured information security tools. The OS developer is the Red Soft company, which won the competition in March 2013 for the development, implementation and maintenance of automated information systems of the Federal Bailiff Service of Russia. In 2014, the system received a certificate of conformity from the FSTEC of Russia, confirming that GosLinux has an estimated trust level of OUD3 and complies with the requirements of the governing document of the State Technical Commission of the Russian Federation for the 4th level of control over the absence of undeclared capabilities. GosLinux OS distribution for organs state power posted in the national fund of algorithms and programs at nfap.minsvyaz.ru. Currently, the GosLinux platform is being actively deployed in all territorial bodies and divisions of the Federal Bailiff Service of Russia. The OS was also handed over for trial operation to representatives of the authorities of the Nizhny Novgorod, Volgograd and Yaroslavl regions.
⇡
Developer: Almi LLC
Product website:
Another Linux build on our list that definitely doesn't suffer from a lack of praise from developers. " Unique, ideal, simple, combining the convenience of the Windows operating system, the stability of macOS and the security of Linux“- such phrases raising AlterOS to the skies are stitched up and down the official website of the product. What exactly is the uniqueness of the domestic platform is not stated on the site, but information is provided about three editions of the OS: AlterOS “Volga” for the public sector, AlterOS “Amur” for the corporate segment and AlterOS “Don” for servers. The system is reported to be compatible with many software solutions in demand in the business environment, including 1C and Consultant Plus, as well as domestic cryptographic protection tools (for example, CryptoPro). Special emphasis is placed on the absence in the version of the platform for government organizations of software that interacts with foreign servers - everything is done according to the canons of maximum import substitution, the developers say.
⇡ Mobile Armed Forces System (MSMS)
Developer: All-Russian Research Institute of Control Automation in the Non-Industrial Sphere named after. V.V. Solomatina (VNIINS)
A secure general-purpose operating system designed for building stationary and mobile secure automated systems in Armed Forces Russian Federation. Accepted for supply to the RF Armed Forces in 2002. WSWS is based on the Linux kernel and components, supplemented by discretionary, mandatory and role-based models for restricting access to information. The system operates on hardware platforms Intel (x86 and x86_64), SPARC (Elbrus-90micro), MIPS, PowerPC64, SPARC64 and is certified according to the information security requirements of the Ministry of Defense of the Russian Federation. The security measures implemented in WSWS make it possible to create automated systems based on the platform that process information that constitutes a state secret and has a secrecy level of “SS” (top secret).
⇡ "Zarya"
Developer: Federal State Unitary Enterprise "Central Research Institute of Economics, Informatics and Control Systems" ("TsNII EISU", part of the "United Instrument-Making Corporation")
A family of software platforms based on the Linux kernel, which represent an alternative to foreign operating systems currently used in law enforcement agencies, the public sector and defense enterprises. The Zarya desktop operating system is compatible with most traditional office applications and programs. The Zarya-DPC server platform allows you to organize an application server or database server. To build data centers, it offers a standard set of server software, virtualization tools, as well as the ability to work on so-called “big hardware,” including mainframes. For embedded systems operating without human intervention, which must process information in real time, a special OS “Zarya RV” has been developed. The system corresponds to the third class of protection against unauthorized access and the second level of control over the absence of undeclared capabilities. The platform was developed by order of the Russian Ministry of Defense and is expected to be in demand by law enforcement agencies, the defense complex, as well as commercial structures working with state secrets and personal data.
Operating system for terminal stations. It is based on Linux and contains only the necessary set of tools for organizing workspaces using thin clients. All features beyond this scope are excluded from the distribution. Kraftway Terminal Linux supports many application-level network protocols (RDP, VNC, SSH, NX, XWindow, VMWare View PCoIP, etc.), allows you to configure access rights for forwarding USB media, provides the ability to use network and local printers, and contains configuration recovery tools OS during reboot, as well as tools for remote group management of terminal stations and administration of workstations. A special feature of the system is its high security. Kraftway Terminal Linux also supports user authentication hardware: eToken PRO and eToken PRO Java USB keys from Aladdin R.D. CJSC, as well as RuToken S and RuToken EDS from Active-Soft CJSC. The OS update can be carried out by the administrator via local network or from a USB flash drive. It is possible to configure auto-update both from the customer’s local server and from the Kraftway server.
⇡ WTware
Developer: Andrey Kovalev
Another software platform for deploying workplaces in the IT infrastructure of an enterprise using inexpensive terminal solutions. The WTware distribution includes services for downloading over the network, tools for working with printers, barcode scanners and other peripheral equipment. COM and USB port redirection is supported, as well as smart card authentication. To connect to the terminal server, the RDP protocol is used, and to quickly resolve issues that arise when setting up the operating system, detailed documentation is included in the distribution kit. WTware is distributed under commercial terms and licensed by the number of workstations. The developer offers a free version of the OS for the Raspberry Pi minicomputer.
⇡ KasperskyOS
Developer: Kaspersky Lab
A secure operating system designed for use in critical infrastructures and devices. The Kaspersky Lab platform can be used in automated process control systems (APCS), telecommunications equipment, medical devices, cars and other gadgets from the world of the Internet of Things. The OS was created from scratch and, due to its architecture, guarantees a high level of information security. The basic operating principle of KasperskyOS comes down to the rule “everything that is not permitted is prohibited.” This eliminates the possibility of exploiting both already known vulnerabilities and those that will be discovered in the future. At the same time, all security policies, including prohibitions on performing certain processes and actions, are configured in accordance with the needs of the organization. The platform will be supplied as pre-installed software on various types of equipment used in industrial and corporate networks. Currently, Kaspersky Lab's secure OS is embedded in an L3 routing switch developed by Kraftway.
A real-time operating system (RTOS), written by AstroSoft programmers from scratch, without borrowing anyone else's code, and designed primarily for the Internet of Things and embedded devices. In addition, it is suitable for robotics, medical equipment, smart home and smart city systems, consumer electronics, etc. For the first time, the MAX real-time OS (the abbreviation stands for “multi-agent coherent system”) was demonstrated to a wide audience in January 2017. The platform not only implements all the classic functionality of products of this type, but also has a number of unique capabilities for organizing the interaction of many devices, making it possible to simplify the creation of mechanisms necessary in embedded systems: redundancy, hot-swappable equipment, etc. One of the features of MAX is support for shared memory at the device level. This mechanism ensures automatic synchronization of information between nodes of a distributed system, resistant to failures of individual components. RTOS "MAX" is included in the register of domestic software. In addition, the product is registered with the Federal Service for Intellectual Property (Rospatent) and is currently undergoing certification by the Federal Service for Technical and Export Control (FSTEC of Russia) for the fourth level of control of undeclared capabilities (NDV).
⇡ As a conclusion
There are two approaches to creating Russian software. The first is to write source code products from scratch, entirely by domestic specialists. The second option involves the creation of national software based on the modification of borrowed source codes. This is precisely what Russian software companies working in the field of software import substitution adhere to. Our top 20 operating systems with the “Made in Russia” label are a clear confirmation of this. Whether this is good or bad is a big question, a subject for a separate discussion.
On April 3, 2019 it became known that the Elbrus operating system of the MCST company became available for download. One of the company’s employees reported this on his personal website, indicating that MCST had updated the section of the corporate website dedicated to its software.
According to information as of April 2019, the user can independently download the distribution kit, list of packages and documentation for the younger open version(3.0, Linux kernel 3.14) Elbrus OS for standard x86 architecture - both 32- and 64-bit. For the older open version (4.0, Linux kernel 4.9), links for downloading the distribution, packages and documentation yourself should appear later (when exactly is not specified). For all other versions of the OS, including those designed to run on MCST processors of the Elbrus and R lines (SPARC architecture), the full set of software is available to users only “on request” - as before for all types of software, clarified the